CVEs from 2017
Total
11,607
critical
critical 1,650
high
high 5,044
medium
medium 4,169
low
low 159
% Critical
14.2%
% with KEV
0.7%
% with exploit
9.9%
Top vendors
Top products
- imagemagick 1,426
- joomla\! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-18362 | unknown | — | 1.5 | 4y ago | ConnectWise ManagedITSync integration for Kaseya VSA is vulnerable to unauthenticated remote commands that allow full direct access to the Kaseya VSA database. | |||
| CVE-2017-0005 | unknown | — | 1.5 | 4y ago | The Graphics Device Interface (GDI) in Microsoft Windows allows local users to gain privileges via a crafted application. | |||
| CVE-2017-0210 | unknown | — | 1.5 | 4y ago | A privilege escalation vulnerability exists when Internet Explorer does not properly enforce cross-domain policies, which could allow an attacker to access information. | |||
| CVE-2017-8543 | unknown | — | 1.5 | 4y ago | Microsoft Windows allows an attacker to take control of the affected system when Windows Search fails to handle objects in memory. | |||
| CVE-2017-0149 | unknown | — | 1.5 | 4y ago | Microsoft Internet Explorer contains a memory corruption vulnerability that allows remote attackers to execute code or cause a denial-of-service (DoS) via a crafted website. | |||
| CVE-2017-0022 | unknown | — | 1.5 | 4y ago | Microsoft XML Core Services (MSXML) improperly handles objects in memory, allowing attackers to test for files on disk via a crafted web site. | |||
| CVE-2017-12233 | unknown | — | 1.5 | 4y ago | There is a vulnerability in the implementation of the Common Industrial Protocol (CIP) feature in Cisco IOS could allow an unauthenticated, remote attacker to cause an affected device to reload, resu… | |||
| CVE-2017-12232 | unknown | — | 1.5 | 4y ago | A vulnerability in the implementation of a protocol in Cisco Integrated Services Routers Generation 2 (ISR G2) Routers running Cisco IOS could allow an unauthenticated, adjacent attacker to cause an … | |||
| CVE-2017-6627 | unknown | — | 1.5 | 4y ago | A vulnerability in the UDP processing code of Cisco IOS and IOS XE could allow an unauthenticated, remote attacker to cause the input queue of an affected system to hold UDP packets, causing an inter… | |||
| CVE-2017-6738 | unknown | — | 1.5 | 4y ago | The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE contains a vulnerability that could allow an authenticated, remote attacker to remotely execute code. | |||
| CVE-2017-6739 | unknown | — | 1.5 | 4y ago | The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE contains a vulnerability that could allow an authenticated, remote attacker to remotely execute code on an affected sys… | |||
| CVE-2017-6740 | unknown | — | 1.5 | 4y ago | The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE contains a vulnerability that could allow an authenticated, remote attacker to remotely execute code on an affected sys… | |||
| CVE-2017-6743 | unknown | — | 1.5 | 4y ago | The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE contains a vulnerability that could allow an authenticated, remote attacker to remotely execute code. | |||
| CVE-2017-11826 | unknown | — | 1.5 | 4y ago | A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could … | |||
| CVE-2017-6744 | unknown | — | 1.5 | 4y ago | The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS 1 contains a vulnerability that could allow an authenticated, remote attacker to remotely execute code on an affected system or ca… | |||
| CVE-2017-11292 | unknown | — | 1.5 | 4y ago | Adobe Flash Player contains a type confusion vulnerability which can allow for remote code execution. | |||
| CVE-2017-0001 | unknown | — | 1.5 | 4y ago | The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gol… | |||
| CVE-2017-12231 | unknown | — | 1.5 | 4y ago | A vulnerability in the implementation of Network Address Translation (NAT) functionality in Cisco IOS could allow an unauthenticated, remote attacker to cause a denial of service. | |||
| CVE-2017-6737 | unknown | — | 1.5 | 4y ago | The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE contains a vulnerability that could allow an authenticated, remote attacker to remotely execute code. | |||
| CVE-2017-12238 | unknown | — | 1.5 | 4y ago | A vulnerability in the Virtual Private LAN Service (VPLS) code of Cisco IOS for Cisco Catalyst 6800 Series Switches could allow an unauthenticated, adjacent attacker to cause a denial of service. | |||
| CVE-2017-12319 | unknown | — | 1.5 | 4y ago | A vulnerability in the Border Gateway Protocol (BGP) over an Ethernet Virtual Private Network (EVPN) for Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to r… | |||
| CVE-2017-0261 | unknown | — | 1.5 | 4y ago | Microsoft Office contains a use-after-free vulnerability which can allow for remote code execution. | |||
| CVE-2017-12237 | unknown | — | 1.5 | 4y ago | A vulnerability in the Internet Key Exchange Version 2 (IKEv2) module of Cisco IOS and Cisco IOS XE could allow an unauthenticated, remote attacker to cause high CPU utilization, traceback messages, … | |||
| CVE-2017-12235 | unknown | — | 1.5 | 4y ago | A vulnerability in the implementation of the PROFINET Discovery and Configuration Protocol (PN-DCP) for Cisco IOS could allow an unauthenticated, remote attacker to cause an affected device to reload… | |||
| CVE-2017-12234 | unknown | — | 1.5 | 4y ago | There is a vulnerability in the implementation of the Common Industrial Protocol (CIP) feature in Cisco IOS could allow an unauthenticated, remote attacker to cause an affected device to reload, resu… | |||
| CVE-2017-12240 | unknown | — | 1.5 | 4y ago | The Dynamic Host Configuration Protocol (DHCP) relay subsystem of Cisco IOS and Cisco IOS XE Software contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrar… | |||
| CVE-2017-6663 | unknown | — | 1.5 | 4y ago | A vulnerability in the Autonomic Networking feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause autonomic nodes of an affected system to… | |||
| CVE-2017-0222 | unknown | — | 1.5 | 4y ago | A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. | |||
| CVE-2017-0262 | unknown | — | 1.5 | 4y ago | A remote code execution vulnerability exists in Microsoft Office. | |||
| CVE-2017-11774 | unknown | — | 1.5 | 5y ago | Microsoft Office Outlook contains a security feature bypass vulnerability due to improperly handling objects in memory. Successful exploitation allows an attacker to execute commands. | |||
| CVE-2017-2619 | unknown | — | 1.0 | — | Samba before versions 4.6.1, 4.5.7 and 4.4.11 are vulnerable to a malicious client using a symlink race to allow access to areas of the server file system not exported under the share definition. | |||
| CVE-2017-15118 | unknown | — | 1.0 | — | A stack-based buffer overflow vulnerability was found in NBD server implementation in qemu before 2.11 allowing a client to request an export name of size up to 4096 bytes, which in fact should be li… | |||
| CVE-2017-18344 | unknown | — | 1.0 | — | The timer_create syscall implementation in kernel/time/posix-timers.c in the Linux kernel before 4.14.8 doesn't properly validate the sigevent->sigev_notify field, which leads to out-of-bounds access… | |||
| CVE-2017-13216 | unknown | — | 1.0 | — | In ashmem_ioctl of ashmem.c, there is an out-of-bounds write due to insufficient locking when accessing asma. This could lead to a local elevation of privilege enabling code execution as a privileged… | |||
| CVE-2017-8046 | unknown | — | 1.0 | 4y ago | Remote code execution in PATCH requests in Spring Data REST | |||
| CVE-2017-7804 | unknown | — | — | — | The destructor function for the "WindowsDllDetourPatcher" class can be re-purposed by malicious code in concert with another vulnerability to write arbitrary data to an attacker controlled location i… | |||
| CVE-2017-18343 | unknown | — | — | — | The debug handler in Symfony before v2.7.33, 2.8.x before v2.8.26, 3.x before v3.2.13, and 3.3.x before v3.3.6 has XSS via an array key during exception pretty printing in ExceptionHandler.php, as de… | |||
| CVE-2017-9269 | unknown | — | — | — | In libzypp before August 2018 GPG keys attached to YUM repositories were not correctly pinned, allowing malicious repository mirrors to silently downgrade to unsigned repositories with potential mali… | |||
| CVE-2017-7435 | unknown | — | — | — | In libzypp before 20170803 it was possible to add unsigned YUM repositories without warning to the user that could lead to man in the middle or malicious servers to inject malicious RPM packages into… | |||
| CVE-2017-2910 | unknown | — | — | — | An exploitable Out-of-bounds Write vulnerability exists in the xls_addCell function of libxls 2.0. A specially crafted xls file can cause a memory corruption resulting in remote code execution. An at… | |||
| CVE-2017-12109 | unknown | — | — | — | An exploitable integer overflow vulnerability exists in the xls_preparseWorkSheet function of libxls 1.4 when handling a MULRK record. A specially crafted XLS file can cause a memory corruption resul… | |||
| CVE-2017-15120 | unknown | — | — | — | An issue has been found in the parsing of authoritative answers in PowerDNS Recursor before 4.0.8, leading to a NULL pointer dereference when parsing a specially crafted answer containing a CNAME of … | |||
| CVE-2017-12164 | unknown | — | — | — | A flaw was discovered in gdm 3.24.1 where gdm greeter was no longer setting the ran_once boolean during autologin. If autologin was enabled for a victim, an attacker could simply select 'login as ano… | |||
| CVE-2017-12806 | unknown | — | — | — | In ImageMagick 7.0.6-6, a memory exhaustion vulnerability was found in the function format8BIM, which allows attackers to cause a denial of service. | |||
| CVE-2017-2628 | unknown | — | — | — | curl, as shipped in Red Hat Enterprise Linux 6 before version 7.19.7-53, did not correctly backport the fix for CVE-2015-3148 because it did not reflect the fact that the HAVE_GSSAPI define was meanw… | |||
| CVE-2017-7165 | unknown | — | — | — | An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected… | |||
| CVE-2017-7161 | unknown | — | — | — | An issue was discovered in certain Apple products. Safari before 11.0.2 is affected. The issue involves the "WebKit Web Inspector" component. It allows remote attackers to execute arbitrary code via … | |||
| CVE-2017-13885 | unknown | — | — | — | An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected… | |||
| CVE-2017-13884 | unknown | — | — | — | An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected… | |||
| CVE-2017-18551 | unknown | — | — | — | An issue was discovered in drivers/i2c/i2c-core-smbus.c in the Linux kernel before 4.14.15. There is an out of bounds write in the function i2c_smbus_xfer_emulated. | |||
| CVE-2017-18552 | unknown | — | — | — | An issue was discovered in net/rds/af_rds.c in the Linux kernel before 4.11. There is an out of bounds write and read in the function rds_recv_track_latency. | |||
| CVE-2017-18550 | unknown | — | — | — | An issue was discovered in drivers/scsi/aacraid/commctrl.c in the Linux kernel before 4.13. There is potential exposure of kernel stack memory because aac_get_hba_info does not initialize the hbainfo… | |||
| CVE-2017-18549 | unknown | — | — | — | An issue was discovered in drivers/scsi/aacraid/commctrl.c in the Linux kernel before 4.13. There is potential exposure of kernel stack memory because aac_send_raw_srb does not initialize the reply s… | |||
| CVE-2017-18595 | unknown | — | — | — | An issue was discovered in the Linux kernel before 4.14.11. A double free may be caused by the function allocate_trace_buffer in the file kernel/trace/trace.c. | |||
| CVE-2017-18379 | unknown | — | — | — | In the Linux kernel before 4.14, an out of boundary access happened in drivers/nvme/target/fc.c. | |||
| CVE-2017-18360 | unknown | — | — | — | In change_port_settings in drivers/usb/serial/io_ti.c in the Linux kernel before 4.11.3, local users could cause a denial of service by division-by-zero in the serial device layer by trying to set ve… | |||
| CVE-2017-18261 | unknown | — | — | — | The arch_timer_reg_read_stable macro in arch/arm64/include/asm/arch_timer.h in the Linux kernel before 4.13 allows local users to cause a denial of service (infinite recursion) by writing to a file u… | |||
| CVE-2017-18249 | unknown | — | — | — | The add_free_nid function in fs/f2fs/node.c in the Linux kernel before 4.12 does not properly track an allocated nid, which allows local users to cause a denial of service (race condition) or possibl… | |||
| CVE-2017-18241 | unknown | — | — | — | fs/f2fs/segment.c in the Linux kernel before 4.13 allows local users to cause a denial of service (NULL pointer dereference and panic) by using a noflush_merge option that triggers a NULL value for a… | |||
| CVE-2017-18224 | unknown | — | — | — | In the Linux kernel before 4.15, fs/ocfs2/aops.c omits use of a semaphore and consequently has a race condition for access to the extent tree during read operations in DIRECT mode, which allows local… | |||
| CVE-2017-18221 | unknown | — | — | — | The __munlock_pagevec function in mm/mlock.c in the Linux kernel before 4.11.4 allows local users to cause a denial of service (NR_MLOCK accounting corruption) via crafted use of mlockall and munlock… | |||
| CVE-2017-18208 | unknown | — | — | — | The madvise_willneed function in mm/madvise.c in the Linux kernel before 4.14.4 allows local users to cause a denial of service (infinite loop) by triggering use of MADVISE_WILLNEED for a DAX mapping. | |||
| CVE-2017-18202 | unknown | — | — | — | The __oom_reap_task_mm function in mm/oom_kill.c in the Linux kernel before 4.14.4 mishandles gather operations, which allows attackers to cause a denial of service (TLB entry leak or use-after-free)… | |||
| CVE-2017-18079 | unknown | — | — | — | drivers/input/serio/i8042.c in the Linux kernel before 4.12.4 allows attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact becau… | |||
| CVE-2017-16911 | unknown | — | — | — | The vhci_hcd driver in the Linux Kernel before version 4.14.8 and 4.4.114 allows allows local attackers to disclose kernel memory addresses. Successful exploitation requires that a USB device is atta… | |||
| CVE-2017-15129 | unknown | — | — | — | A use-after-free vulnerability was found in network namespaces code affecting the Linux kernel before 4.14.11. The function get_net_ns_by_id() in net/core/net_namespace.c does not check for the net::… | |||
| CVE-2017-15128 | unknown | — | — | — | A flaw was found in the hugetlb_mcopy_atomic_pte function in mm/hugetlb.c in the Linux kernel before 4.13.12. A lack of size check could cause a denial of service (BUG). | |||
| CVE-2017-15126 | unknown | — | — | — | A use-after-free flaw was found in fs/userfaultfd.c in the Linux kernel before 4.13.6. The issue is related to the handling of fork failure when dealing with event messages. Failure to fork correctly… | |||
| CVE-2017-13215 | unknown | — | — | — | A elevation of privilege vulnerability in the Upstream kernel skcipher. Product: Android. Versions: Android kernel. Android ID: A-64386293. References: Upstream kernel. | |||
| CVE-2017-12171 | unknown | — | — | — | A regression was found in the Red Hat Enterprise Linux 6.9 version of httpd 2.2.15-60, causing comments in the "Allow" and "Deny" configuration lines to be parsed incorrectly. A web administrator cou… | |||
| CVE-2017-2624 | unknown | — | — | — | It was found that xorg-x11-server before 1.19.0 including uses memcmp() to check the received MIT cookie against a series of valid cookies. If the cookie is correct, it is allowed to attach to the Xo… | |||
| CVE-2017-12185 | unknown | — | — | — | xorg-x11-server before 1.19.5 was missing length validation in MIT-SCREEN-SAVER extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | |||
| CVE-2017-12186 | unknown | — | — | — | xorg-x11-server before 1.19.5 was missing length validation in X-Resource extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | |||
| CVE-2017-12184 | unknown | — | — | — | xorg-x11-server before 1.19.5 was missing length validation in XINERAMA extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | |||
| CVE-2017-12181 | unknown | — | — | — | xorg-x11-server before 1.19.5 was missing length validation in XFree86 DGA extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | |||
| CVE-2017-12180 | unknown | — | — | — | xorg-x11-server before 1.19.5 was missing length validation in XFree86 VidModeExtension allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | |||
| CVE-2017-17663 | unknown | — | — | — | The htpasswd implementation of mini_httpd before v1.28 and of thttpd before v2.28 is affected by a buffer overflow that can be exploited remotely to perform code execution. | |||
| CVE-2017-9271 | unknown | — | — | — | The commandline package update tool zypper writes HTTP proxy credentials into its logfile, allowing local attackers to gain access to proxies used. | |||
| CVE-2017-7436 | unknown | — | — | — | In libzypp before 20170803 it was possible to retrieve unsigned packages without a warning to the user which could lead to man in the middle or malicious servers to inject malicious RPM packages into… | |||
| CVE-2017-2661 | unknown | — | — | — | ClusterLabs pcs before version 0.9.157 is vulnerable to a cross-site scripting vulnerability due to improper validation of Node name field when creating new cluster or adding existing cluster. | |||
| CVE-2017-7482 | unknown | — | — | — | In the Linux kernel before version 4.12, Kerberos 5 tickets decoded when using the RXRPC keys incorrectly assumes the size of a field. This could lead to the size-remaining variable wrapping and the … | |||
| CVE-2017-14178 | unknown | — | — | — | In snapd 2.27 through 2.29.2 the 'snap logs' command could be made to call journalctl without match arguments and therefore allow unprivileged, unauthenticated users to bypass systemd-journald's acce… | |||
| CVE-2017-7558 | unknown | — | — | — | A kernel data leak due to an out-of-bound read was found in the Linux kernel in inet_diag_msg_sctp{,l}addr_fill() and sctp_get_sctp_info() functions present since version 4.7-rc1 through version 4.13… | |||
| CVE-2017-7518 | unknown | — | — | — | A flaw was found in the Linux kernel before version 4.12 in the way the KVM module processed the trap flag(TF) bit in EFLAGS during emulation of the syscall instruction, which leads to a debug except… | |||
| CVE-2017-2634 | unknown | — | — | — | It was found that the Linux kernel's Datagram Congestion Control Protocol (DCCP) implementation before 2.6.22.17 used the IPv4-only inet_sk_rebuild_header() function for both IPv4 and IPv6 DCCP conne… | |||
| CVE-2017-2618 | unknown | — | — | — | A flaw was found in the Linux kernel's handling of clearing SELinux attributes on /proc/pid/attr files before 4.9.10. An empty (null) write to this file can crash the system by causing the system to … | |||
| CVE-2017-18509 | unknown | — | — | — | An issue was discovered in net/ipv6/ip6mr.c in the Linux kernel before 4.11. By setting a specific socket option, an attacker can control a pointer in kernel land and cause an inet_csk_listen_stop ge… | |||
| CVE-2017-18270 | unknown | — | — | — | In the Linux kernel before 4.13.5, a local user could create keyrings for other users via keyctl commands, setting unwanted defaults or causing a denial of service. | |||
| CVE-2017-18257 | unknown | — | — | — | The __get_data_block function in fs/f2fs/data.c in the Linux kernel before 4.11 allows local users to cause a denial of service (integer overflow and loop) via crafted use of the open and fallocate s… | |||
| CVE-2017-18255 | unknown | — | — | — | The perf_cpu_time_max_percent_handler function in kernel/events/core.c in the Linux kernel before 4.11 allows local users to cause a denial of service (integer overflow) or possibly have unspecified … | |||
| CVE-2017-18232 | unknown | — | — | — | The Serial Attached SCSI (SAS) implementation in the Linux kernel through 4.15.9 mishandles a mutex within libsas, which allows local users to cause a denial of service (deadlock) by triggering certa… | |||
| CVE-2017-18222 | unknown | — | — | — | In the Linux kernel before 4.12, Hisilicon Network Subsystem (HNS) does not consider the ETH_SS_PRIV_FLAGS case when retrieving sset_count data, which allows local users to cause a denial of service … | |||
| CVE-2017-18216 | unknown | — | — | — | In fs/ocfs2/cluster/nodemanager.c in the Linux kernel before 4.15, local users can cause a denial of service (NULL pointer dereference and BUG) because a required mutex is not used. | |||
| CVE-2017-18204 | unknown | — | — | — | The ocfs2_setattr function in fs/ocfs2/file.c in the Linux kernel before 4.14.2 allows local users to cause a denial of service (deadlock) via DIO requests. | |||
| CVE-2017-18203 | unknown | — | — | — | The dm_get_from_kobject function in drivers/md/dm.c in the Linux kernel before 4.14.3 allow local users to cause a denial of service (BUG) by leveraging a race condition with __dm_destroy during crea… | |||
| CVE-2017-18200 | unknown | — | — | — | The f2fs implementation in the Linux kernel before 4.14 mishandles reference counts associated with f2fs_wait_discard_bios calls, which allows local users to cause a denial of service (BUG), as demon… | |||
| CVE-2017-18193 | unknown | — | — | — | fs/f2fs/extent_cache.c in the Linux kernel before 4.13 mishandles extent trees, which allows local users to cause a denial of service (BUG) via an application with multiple threads. | |||
| CVE-2017-18174 | unknown | — | — | — | In the Linux kernel before 4.7, the amd_gpio_remove function in drivers/pinctrl/pinctrl-amd.c calls the pinctrl_unregister function, leading to a double free. | |||
| CVE-2017-18169 | unknown | — | — | — | User process can perform the kernel DOS in ashmem when doing cache maintenance operation in all Android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel. | |||
| CVE-2017-18218 | unknown | — | — | — | In drivers/net/ethernet/hisilicon/hns/hns_enet.c in the Linux kernel before 4.13, local users can cause a denial of service (use-after-free and BUG) or possibly have unspecified other impact by lever… |