CVEs from 2017
Total
11,607
critical
critical 1,650
high
high 5,044
medium
medium 4,169
low
low 159
% Critical
14.2%
% with KEV
0.7%
% with exploit
9.9%
Top vendors
Top products
- imagemagick 1,426
- joomla\! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-0037 | unknown | — | 2.5 | 4y ago | Microsoft Edge and Internet Explorer have a type confusion vulnerability in mshtml.dll, which allows remote code execution. | |||
| CVE-2017-0059 | unknown | — | 2.5 | 4y ago | Microsoft Internet Explorer allow remote attackers to obtain sensitive information from process memory via a crafted web site. | |||
| CVE-2017-0213 | unknown | — | 2.5 | 4y ago | Microsoft Windows COM Aggregate Marshaler allows for privilege escalation when an attacker runs a specially crafted application. | |||
| CVE-2017-6334 | unknown | — | 2.5 | 4y ago | dnslookup.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execute arbitrary OS commands | |||
| CVE-2017-6316 | unknown | — | 2.5 | 4y ago | A vulnerability has been identified in the management interface of Citrix NetScaler SD-WAN Enterprise and Standard Edition and Citrix CloudBridge Virtual WAN Edition that could result in an unauthent… | |||
| CVE-2017-0146 | unknown | — | 2.5 | 4y ago | The SMBv1 server in Microsoft Windows allows remote attackers to perform remote code execution. | |||
| CVE-2017-3881 | unknown | — | 2.5 | 4y ago | A vulnerability in the Cisco Cluster Management Protocol (CMP) processing code in Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of an affected … | |||
| CVE-2017-0101 | unknown | — | 2.5 | 4y ago | A privilege escalation vulnerability exists when the Windows Transaction Manager improperly handles objects in memory. | |||
| CVE-2017-6077 | unknown | — | 2.5 | 4y ago | NETGEAR DGN2200 wireless routers contain a vulnerability that allows for remote code execution. | |||
| CVE-2017-6736 | unknown | — | 2.5 | 4y ago | The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE contains a vulnerability that could allow an authenticated, remote attacker to remotely execute code. | |||
| CVE-2017-8540 | unknown | — | 2.5 | 4y ago | The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and… | |||
| CVE-2017-8570 | unknown | — | 2.5 | 4y ago | A remote code execution vulnerability exists in Microsoft Office software when it fails to properly handle objects in memory. | |||
| CVE-2017-0263 | unknown | — | 2.5 | 4y ago | Microsoft Win32k contains a privilege escalation vulnerability due to the Windows kernel-mode driver failing to properly handle objects in memory. | |||
| CVE-2017-10271 | unknown | — | 2.5 | 4y ago | Oracle Corporation WebLogic Server contains a vulnerability that allows for remote code execution. | |||
| CVE-2017-0145 | unknown | — | 2.5 | 4y ago | The SMBv1 server in multiple Microsoft Windows versions allows remote attackers to execute arbitrary code via crafted packets. | |||
| CVE-2017-0144 | unknown | — | 2.5 | 4y ago | The SMBv1 server in multiple Microsoft Windows versions allows remote attackers to execute arbitrary code via crafted packets. | |||
| CVE-2017-8464 | unknown | — | 2.5 | 4y ago | Windows Shell in multiple versions of Microsoft Windows allows local users or remote attackers to execute arbitrary code via a crafted .LNK file | |||
| CVE-2017-5689 | unknown | — | 2.5 | 4y ago | Intel products contain a vulnerability which can allow attackers to perform privilege escalation. | |||
| CVE-2017-17562 | unknown | — | 2.5 | 5y ago | Embedthis GoAhead before 3.6.5 allows remote code execution if CGI is enabled and a CGI program is dynamically linked. | |||
| CVE-2017-12149 | unknown | — | 2.5 | 5y ago | The JBoss Application Server, shipped with Red Hat Enterprise Application Platform 5.2, allows an attacker to execute arbitrary code via crafted serialized data. | |||
| CVE-2017-0143 | unknown | — | 2.5 | 5y ago | Microsoft Windows Server Message Block 1.0 (SMBv1) contains an unspecified vulnerability that allows for remote code execution. | |||
| CVE-2017-6327 | unknown | — | 2.5 | 5y ago | Symantec Messaging Gateway contains an unspecified vulnerability which can allow for remote code execution. With the ability to perform remote code execution, an attacker may also desire to perform p… | |||
| CVE-2017-9248 | unknown | — | 2.5 | 5y ago | Progress Telerik UI for ASP.NET AJAX and Sitefinity have a cryptographic weakness in Telerik.Web.UI.dll that can be exploited to disclose encryption keys (Telerik.Web.UI.DialogParametersEncryptionKey… | |||
| CVE-2017-0199 | unknown | — | 2.5 | 5y ago | Microsoft Office and WordPad contain an unspecified vulnerability due to the way the applications parse specially crafted files. Successful exploitation allows for remote code execution. | |||
| CVE-2017-11882 | unknown | — | 2.5 | 5y ago | Microsoft Office contains a memory corruption vulnerability that allows remote code execution in the context of the current user. | |||
| CVE-2017-8759 | unknown | — | 2.5 | 5y ago | Microsoft .NET Framework contains a remote code execution vulnerability when processing untrusted input that could allow an attacker to take control of an affected system. | |||
| CVE-2017-7269 | unknown | — | 2.5 | 5y ago | Microsoft Windows Server 2003 R2 contains a buffer overflow vulnerability in Internet Information Services (IIS) 6.0 which allows remote attackers to execute code via a long header beginning with "If… | |||
| CVE-2017-1000486 | unknown | — | 2.5 | 5y ago | Primetek Primefaces is vulnerable to a weak encryption flaw resulting in remote code execution | |||
| CVE-2017-5638 | unknown | — | 2.5 | 8y ago | Apache Struts Jakarta Multipart parser allows for malicious file upload using the Content-Type value, leading to remote code execution. | |||
| CVE-2017-12615 | unknown | — | 2.5 | 8y ago | When running Apache Tomcat on Windows with HTTP PUTs enabled, it is possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it conta… | |||
| CVE-2017-9805 | unknown | — | 2.5 | 8y ago | Apache Struts REST Plugin uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to remote code execution when deserializing XML payloads. | |||
| CVE-2017-9822 | unknown | — | 2.5 | 8y ago | DotNetNuke (DNN) contains a vulnerability that may allow for remote code execution via cookie deserialization. | |||
| CVE-2017-11850 | low | 2.5 | 2.5 | 9y ago | Microsoft Graphics Component in Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacke… | |||
| CVE-2017-11768 | low | 2.5 | 2.5 | 9y ago | Windows Media Player in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Wi… | |||
| CVE-2017-1211 | low | 2.5 | 2.5 | 9y ago | IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5.1 and 5.0.2 could disclose sensitive information to a local user when logging is enabled. IBM X-Force ID: 123851. | |||
| CVE-2017-1346 | low | 2.5 | 2.5 | 9y ago | IBM Business Process Manager 7.5, 8.0, and 8.5 temporarily stores files in a temporary folder during offline installs which could be read by a local user within a short timespan. IBM X-Force ID: 1264… | |||
| CVE-2017-1144 | low | 2.5 | 2.5 | 9y ago | IBM WebSphere Message Broker could allow a local user with specialized access to prevent the message broker from starting. IBM X-Force ID: 122033. | |||
| CVE-2017-2109 | low | 2.5 | 2.5 | 9y ago | Cybozu KUNAI for Android 3.0.4 to 3.0.5.1 allow remote attackers to obtain log information through a malicious Android application. | |||
| CVE-2017-3513 | low | 2.5 | 2.5 | 9y ago | Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.0.38 and Prior to 5.1.20. Difficult to exploit v… | |||
| CVE-2017-2705 | low | 2.4 | 2.4 | 9y ago | Huawei P9 smartphones with software versions earlier before EVA-AL10C00B365, versions earlier before EVA-AL00C00B365, versions earlier before EVA-CL00C92B365, versions earlier before EVA-DL00C17B365,… | |||
| CVE-2017-13844 | low | 2.4 | 2.4 | 9y ago | An issue was discovered in certain Apple products. iOS before 11.1 is affected. The issue involves the "Messages" component. It allows physically proximate attackers to view arbitrary photos via a Re… | |||
| CVE-2017-13805 | low | 2.4 | 2.4 | 9y ago | An issue was discovered in certain Apple products. iOS before 11.1 is affected. The issue involves the "Siri" component. It allows physically proximate attackers to obtain sensitive information via a… | |||
| CVE-2017-7139 | low | 2.4 | 2.4 | 9y ago | An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "Phone" component. It allows attackers to obtain sensitive information by leveraging a timing bug … | |||
| CVE-2017-7082 | low | 2.4 | 2.4 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "Screen Lock" component. It allows physically proximate attackers to read Application Firewal… | |||
| CVE-2017-7058 | low | 2.4 | 2.4 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. The issue involves the "Notifications" component. It allows physically proximate attackers to read unintended notific… | |||
| CVE-2017-7407 | low | 2.4 | 2.4 | 9y ago | The ourWriteOut function in tool_writeout.c in curl 7.53.1 might allow physically proximate attackers to obtain sensitive information from process memory in opportunistic circumstances by reading a w… | |||
| CVE-2017-2397 | low | 2.4 | 2.4 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "Accounts" component. It allows physically proximate attackers to discover an Apple ID by readin… | |||
| CVE-2017-2351 | low | 2.4 | 2.4 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. The issue involves the "WiFi" component, which allows physically proximate attackers to bypass the activation-lock pr… | |||
| CVE-2017-3320 | low | 2.4 | 2.4 | 10y ago | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.7.16 and earlier. Easily exploitable vulnerability… | |||
| CVE-2017-15307 | low | 2.3 | 2.3 | 9y ago | Huawei Honor 8 smartphone with software versions earlier than FRD-L04C567B389 and earlier than FRD-L14C567B389 have a permission control vulnerability due to improper authorization configuration on s… | |||
| CVE-2017-8118 | low | 2.3 | 2.3 | 9y ago | The UMA product with software V200R001 and V300R001 has an information leak vulnerability. An attacker could exploit them to obtain some sensitive information, causing information leak. | |||
| CVE-2017-10292 | low | 2.3 | 2.3 | 9y ago | Vulnerability in the RDBMS Security component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2 and 12.2.0.1. Easily exploitable vulnerability allows high privile… | |||
| CVE-2017-3893 | low | 1.9 | 1.9 | 9y ago | In BlackBerry QNX Software Development Platform (SDP) 6.6.0, the default configuration of the QNX SDP system did not in all circumstances prevent attackers from modifying the GOT or PLT tables with b… | |||
| CVE-2017-10120 | low | 1.9 | 1.9 | 9y ago | Vulnerability in the RDBMS Security component of Oracle Database Server. The supported version that is affected is 12.1.0.2. Difficult to exploit vulnerability allows high privileged attacker having … | |||
| CVE-2017-10122 | low | 1.8 | 1.8 | 9y ago | Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). Supported versions that are affected are 10 and 11. Difficult to exploit vulnerability allows high … | |||
| CVE-2017-12637 | unknown | — | 1.5 | 1y ago | SAP NetWeaver Application Server (AS) Java contains a directory traversal vulnerability in scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS that allows a remote attacker to read arbitrary files vi… | |||
| CVE-2017-3506 | unknown | — | 1.5 | 2y ago | Oracle WebLogic Server, a product within the Fusion Middleware suite, contains an OS command injection vulnerability that allows an attacker to execute arbitrary code via a specially crafted HTTP req… | |||
| CVE-2017-6742 | unknown | — | 1.5 | 3y ago | The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE contains a vulnerability that could allow an authenticated, remote attacker to remotely execute code on an affected sys… | |||
| CVE-2017-6862 | unknown | — | 1.5 | 4y ago | Multiple NETGEAR devices contain a buffer overflow vulnerability that allows for authentication bypass and remote code execution. | |||
| CVE-2017-18362 | unknown | — | 1.5 | 4y ago | ConnectWise ManagedITSync integration for Kaseya VSA is vulnerable to unauthenticated remote commands that allow full direct access to the Kaseya VSA database. | |||
| CVE-2017-8543 | unknown | — | 1.5 | 4y ago | Microsoft Windows allows an attacker to take control of the affected system when Windows Search fails to handle objects in memory. | |||
| CVE-2017-0210 | unknown | — | 1.5 | 4y ago | A privilege escalation vulnerability exists when Internet Explorer does not properly enforce cross-domain policies, which could allow an attacker to access information. | |||
| CVE-2017-0149 | unknown | — | 1.5 | 4y ago | Microsoft Internet Explorer contains a memory corruption vulnerability that allows remote attackers to execute code or cause a denial-of-service (DoS) via a crafted website. | |||
| CVE-2017-0005 | unknown | — | 1.5 | 4y ago | The Graphics Device Interface (GDI) in Microsoft Windows allows local users to gain privileges via a crafted application. | |||
| CVE-2017-0022 | unknown | — | 1.5 | 4y ago | Microsoft XML Core Services (MSXML) improperly handles objects in memory, allowing attackers to test for files on disk via a crafted web site. | |||
| CVE-2017-12232 | unknown | — | 1.5 | 4y ago | A vulnerability in the implementation of a protocol in Cisco Integrated Services Routers Generation 2 (ISR G2) Routers running Cisco IOS could allow an unauthenticated, adjacent attacker to cause an … | |||
| CVE-2017-12233 | unknown | — | 1.5 | 4y ago | There is a vulnerability in the implementation of the Common Industrial Protocol (CIP) feature in Cisco IOS could allow an unauthenticated, remote attacker to cause an affected device to reload, resu… | |||
| CVE-2017-12234 | unknown | — | 1.5 | 4y ago | There is a vulnerability in the implementation of the Common Industrial Protocol (CIP) feature in Cisco IOS could allow an unauthenticated, remote attacker to cause an affected device to reload, resu… | |||
| CVE-2017-12235 | unknown | — | 1.5 | 4y ago | A vulnerability in the implementation of the PROFINET Discovery and Configuration Protocol (PN-DCP) for Cisco IOS could allow an unauthenticated, remote attacker to cause an affected device to reload… | |||
| CVE-2017-12237 | unknown | — | 1.5 | 4y ago | A vulnerability in the Internet Key Exchange Version 2 (IKEv2) module of Cisco IOS and Cisco IOS XE could allow an unauthenticated, remote attacker to cause high CPU utilization, traceback messages, … | |||
| CVE-2017-12238 | unknown | — | 1.5 | 4y ago | A vulnerability in the Virtual Private LAN Service (VPLS) code of Cisco IOS for Cisco Catalyst 6800 Series Switches could allow an unauthenticated, adjacent attacker to cause a denial of service. | |||
| CVE-2017-12240 | unknown | — | 1.5 | 4y ago | The Dynamic Host Configuration Protocol (DHCP) relay subsystem of Cisco IOS and Cisco IOS XE Software contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrar… | |||
| CVE-2017-12319 | unknown | — | 1.5 | 4y ago | A vulnerability in the Border Gateway Protocol (BGP) over an Ethernet Virtual Private Network (EVPN) for Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to r… | |||
| CVE-2017-6627 | unknown | — | 1.5 | 4y ago | A vulnerability in the UDP processing code of Cisco IOS and IOS XE could allow an unauthenticated, remote attacker to cause the input queue of an affected system to hold UDP packets, causing an inter… | |||
| CVE-2017-6663 | unknown | — | 1.5 | 4y ago | A vulnerability in the Autonomic Networking feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause autonomic nodes of an affected system to… | |||
| CVE-2017-11826 | unknown | — | 1.5 | 4y ago | A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could … | |||
| CVE-2017-6737 | unknown | — | 1.5 | 4y ago | The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE contains a vulnerability that could allow an authenticated, remote attacker to remotely execute code. | |||
| CVE-2017-0261 | unknown | — | 1.5 | 4y ago | Microsoft Office contains a use-after-free vulnerability which can allow for remote code execution. | |||
| CVE-2017-6738 | unknown | — | 1.5 | 4y ago | The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE contains a vulnerability that could allow an authenticated, remote attacker to remotely execute code. | |||
| CVE-2017-6740 | unknown | — | 1.5 | 4y ago | The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE contains a vulnerability that could allow an authenticated, remote attacker to remotely execute code on an affected sys… | |||
| CVE-2017-6739 | unknown | — | 1.5 | 4y ago | The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE contains a vulnerability that could allow an authenticated, remote attacker to remotely execute code on an affected sys… | |||
| CVE-2017-6743 | unknown | — | 1.5 | 4y ago | The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE contains a vulnerability that could allow an authenticated, remote attacker to remotely execute code. | |||
| CVE-2017-6744 | unknown | — | 1.5 | 4y ago | The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS 1 contains a vulnerability that could allow an authenticated, remote attacker to remotely execute code on an affected system or ca… | |||
| CVE-2017-0001 | unknown | — | 1.5 | 4y ago | The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gol… | |||
| CVE-2017-11292 | unknown | — | 1.5 | 4y ago | Adobe Flash Player contains a type confusion vulnerability which can allow for remote code execution. | |||
| CVE-2017-12231 | unknown | — | 1.5 | 4y ago | A vulnerability in the implementation of Network Address Translation (NAT) functionality in Cisco IOS could allow an unauthenticated, remote attacker to cause a denial of service. | |||
| CVE-2017-0222 | unknown | — | 1.5 | 4y ago | A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. | |||
| CVE-2017-0262 | unknown | — | 1.5 | 4y ago | A remote code execution vulnerability exists in Microsoft Office. | |||
| CVE-2017-11774 | unknown | — | 1.5 | 5y ago | Microsoft Office Outlook contains a security feature bypass vulnerability due to improperly handling objects in memory. Successful exploitation allows an attacker to execute commands. | |||
| CVE-2017-18344 | unknown | — | 1.0 | — | The timer_create syscall implementation in kernel/time/posix-timers.c in the Linux kernel before 4.14.8 doesn't properly validate the sigevent->sigev_notify field, which leads to out-of-bounds access… | |||
| CVE-2017-2619 | unknown | — | 1.0 | — | Samba before versions 4.6.1, 4.5.7 and 4.4.11 are vulnerable to a malicious client using a symlink race to allow access to areas of the server file system not exported under the share definition. | |||
| CVE-2017-15118 | unknown | — | 1.0 | — | A stack-based buffer overflow vulnerability was found in NBD server implementation in qemu before 2.11 allowing a client to request an export name of size up to 4096 bytes, which in fact should be li… | |||
| CVE-2017-13216 | unknown | — | 1.0 | — | In ashmem_ioctl of ashmem.c, there is an out-of-bounds write due to insufficient locking when accessing asma. This could lead to a local elevation of privilege enabling code execution as a privileged… | |||
| CVE-2017-8046 | unknown | — | 1.0 | 4y ago | Remote code execution in PATCH requests in Spring Data REST | |||
| CVE-2017-9104 | unknown | — | — | — | An issue was discovered in adns before 1.5.2. It hangs, eating CPU, if a compression pointer loop is encountered. | |||
| CVE-2017-18343 | unknown | — | — | — | The debug handler in Symfony before v2.7.33, 2.8.x before v2.8.26, 3.x before v3.2.13, and 3.3.x before v3.3.6 has XSS via an array key during exception pretty printing in ExceptionHandler.php, as de… | |||
| CVE-2017-7539 | unknown | — | — | — | An assertion-failure flaw was found in Qemu before 2.10.1, in the Network Block Device (NBD) server's initial connection negotiation, where the I/O coroutine was undefined. This could crash the qemu-… | |||
| CVE-2017-7845 | unknown | — | — | — | A buffer overflow occurs when drawing and validating elements using Direct 3D 9 with the ANGLE graphics library, used for WebGL content. This is due to an incorrect value being passed within the libr… | |||
| CVE-2017-9269 | unknown | — | — | — | In libzypp before August 2018 GPG keys attached to YUM repositories were not correctly pinned, allowing malicious repository mirrors to silently downgrade to unsigned repositories with potential mali… | |||
| CVE-2017-7435 | unknown | — | — | — | In libzypp before 20170803 it was possible to add unsigned YUM repositories without warning to the user that could lead to man in the middle or malicious servers to inject malicious RPM packages into… |