CVEs from 2017
Total: 11,606
- critical: 1,650
- high: 5,044
- medium: 4,169
- low: 159
% Critical: 14.2%
% with KEV: 0.7%
% with exploit: 9.9%
Top vendors
Top products
- imagemagick 1,426
- joomla! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Published | Description (truncated) |
|---|---|---|---|---|---|
| CVE-2017-0888 | medium | 4.3 | 4.3 | 9y ago | Nextcloud Server before 9.0.55 and 10.0.2 suffers from a Content-Spoofing vulnerability in the "files" app. The top navigation bar displayed in the files list contained partially user-controllable in… |
| CVE-2017-0887 | medium | 4.3 | 4.3 | 9y ago | Nextcloud Server before 9.0.55 and 10.0.2 suffers from a bypass in the quota limitation. Due to not properly sanitizing values provided by the `OC-Total-Length` HTTP header an authenticated adversary… |
| CVE-2017-0885 | medium | 4.3 | 4.3 | 9y ago | Nextcloud Server before 9.0.55 and 10.0.2 suffers from an error message disclosing existence of file in write-only share. Due to an error in the application logic an adversary with access to a write-o… |
| CVE-2017-0884 | medium | 4.3 | 4.3 | 9y ago | Nextcloud Server before 9.0.55 and 10.0.2 suffers from a creation of folders in read-only folders despite lacking permissions issue. Due to a logical error in the file caching layer an authenticated … |
| CVE-2017-1171 | medium | 4.3 | 4.3 | 9y ago | The IBM TRIRIGA Application Platform 3.3, 3.4, and 3.5 contain a vulnerability that could allow an authenticated user to execute Application actions they do not have access to. IBM Reference #: 20010… |
| CVE-2017-0881 | medium | 4.3 | 4.3 | 9y ago | An error in the implementation of an autosubscribe feature in the check_stream_exists route of the Zulip group chat application server before 1.4.3 allowed an authenticated user to subscribe to a pri… |
| CVE-2017-5524 | medium | 4.3 | 4.3 | 9y ago | Plone 4.x through 4.3.11 and 5.x through 5.0.6 allow remote attackers to bypass a sandbox protection mechanism and obtain sensitive information by leveraging the Python string format method. |
| CVE-2017-1155 | medium | 4.3 | 4.3 | 9y ago | IBM Algorithmics One-Algo Risk Application 4.9.1, 5.0, and 5.1.0 could allow a user to gain access to another user's reports using a specially crafted HTTP request. IBM Reference #: 1999754. |
| CVE-2017-3871 | medium | 4.3 | 4.3 | 9y ago | A RADIUS Secret Disclosure vulnerability in the web network management interface of Cisco Prime Optical for Service Providers could allow an authenticated, remote attacker to disclose sensitive infor… |
| CVE-2017-6954 | medium | 4.3 | 4.3 | 9y ago | BuddyPress Docs plugin Improper Privilege Management |
| CVE-2017-0073 | medium | 4.3 | 4.3 | 9y ago | The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gol… |
| CVE-2017-0069 | medium | 4.3 | 4.3 | 9y ago | Microsoft Edge allows remote attackers to spoof web content via a crafted web site, aka "Microsoft Edge Spoofing Vulnerability." This vulnerability is different from those described in CVE-2017-0012 … |
| CVE-2017-0068 | medium | 4.3 | 4.3 | 9y ago | Browsers in Microsoft Edge allow remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Microsoft Edge Information Disclosure Vulnerability." This vulnerabi… |
| CVE-2017-0065 | medium | 4.3 | 4.3 | 9y ago | Microsoft Edge allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Microsoft Browser Information Disclosure Vulnerability." This vulnerability is … |
| CVE-2017-0057 | medium | 4.3 | 4.3 | 9y ago | DNS client in Microsoft Windows 8.1; Windows Server 2012 R2, Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 fails to properly process DNS queries, which allows remote attack… |
| CVE-2017-0049 | medium | 4.3 | 4.3 | 9y ago | The VBScript engine in Microsoft Internet Explorer 11 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Scripting Engine Information Disclosure … |
| CVE-2017-0033 | medium | 4.3 | 4.3 | 9y ago | Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to spoof web content via a crafted web site, aka "Microsoft Browser Spoofing Vulnerability." This vulnerability is different f… |
| CVE-2017-0012 | medium | 4.3 | 4.3 | 9y ago | Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to spoof web content via a crafted web site, aka "Microsoft Browser Spoofing Vulnerability." This vulnerability is different f… |
| CVE-2017-0011 | medium | 4.3 | 4.3 | 9y ago | Microsoft Edge allows remote attackers to obtain sensitive information via a crafted web site, aka "Microsoft Edge Information Disclosure Vulnerability." This vulnerability is different from those de… |
| CVE-2017-0009 | medium | 4.3 | 4.3 | 9y ago | Microsoft Internet Explorer 9 through 11 allow remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability." Th… |
| CVE-2017-0008 | medium | 4.3 | 4.3 | 9y ago | Microsoft Internet Explorer 9 through 11 allow remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Internet Explorer Information Disclosure Vulnerability… |
| CVE-2017-6918 | medium | 4.3 | 4.3 | 9y ago | CSRF exists in BigTree CMS 4.2.16 with the value[#][*] parameter to the admin/settings/update/ page. The Navigation Social can be changed. |
| CVE-2017-6917 | medium | 4.3 | 4.3 | 9y ago | CSRF exists in BigTree CMS 4.2.16 with the value parameter to the admin/settings/update/ page. The Colophon can be changed. |
| CVE-2017-6916 | medium | 4.3 | 4.3 | 9y ago | CSRF exists in BigTree CMS 4.1.18 with the nav-social[#] parameter to the admin/settings/update/ page. The Navigation Social can be changed. |
| CVE-2017-6915 | medium | 4.3 | 4.3 | 9y ago | CSRF exists in BigTree CMS 4.1.18 with the colophon parameter to the admin/settings/update/ page. The Colophon can be changed. |
| CVE-2017-5866 | medium | 4.3 | 4.3 | 9y ago | The autocomplete feature in the E-Mail share dialog in ownCloud Server before 8.1.11, 8.2.x before 8.2.9, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 allows remote authenticated users to obtain sensit… |
| CVE-2017-3844 | medium | 4.3 | 4.3 | 9y ago | A vulnerability in exporting functions of the user interface for Cisco Prime Collaboration Assurance could allow an authenticated, remote attacker to view file directory listings and download files. … |
| CVE-2017-3843 | medium | 4.3 | 4.3 | 9y ago | A vulnerability in the file download functions for Cisco Prime Collaboration Assurance could allow an authenticated, remote attacker to download system files that should be restricted. More Informati… |
| CVE-2017-3839 | medium | 4.3 | 4.3 | 9y ago | An XML External Entity vulnerability in the web-based user interface of the Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to have read access to part of the… |
| CVE-2017-3836 | medium | 4.3 | 4.3 | 9y ago | A vulnerability in the web framework Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to view sensitive data. More Information: CSCvb61689. Known Affected Releases… |
| CVE-2017-5027 | medium | 4.3 | 4.3 | 9y ago | Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, failed to properly enforce unsafe-inline content security policy, which allowed a remote attacke… |
| CVE-2017-5026 | medium | 4.3 | 4.3 | 9y ago | multiple issues in chromium |
| CVE-2017-5023 | medium | 4.3 | 4.3 | 9y ago | multiple issues in chromium |
| CVE-2017-5022 | medium | 4.3 | 4.3 | 9y ago | multiple issues in chromium |
| CVE-2017-5021 | medium | 4.3 | 4.3 | 9y ago | multiple issues in chromium |
| CVE-2017-5017 | medium | 4.3 | 4.3 | 9y ago | multiple issues in chromium |
| CVE-2017-3315 | medium | 4.3 | 4.3 | 10y ago | Vulnerability in the PeopleSoft Enterprise HCM ePerformance component of Oracle PeopleSoft Products (subcomponent: Security). The supported version that is affected is 9.2. Easily exploitable vulnera… |
| CVE-2017-3296 | medium | 4.3 | 4.3 | 10y ago | Vulnerability in the Oracle Commerce Platform component of Oracle Commerce (subcomponent: Dynamo Application Framework). Supported versions that are affected are 10.0.3.5, 10.2.0.5 and 11.2.0.2. Easi… |
| CVE-2017-3261 | medium | 4.3 | 4.3 | 10y ago | Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u11… |
| CVE-2017-3247 | medium | 4.3 | 4.3 | 10y ago | Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Core). Supported versions that are affected are 2.1.1, 3.0.1 and 3.1.2. Easily exploitable vulnerabil… |
| CVE-2017-3231 | medium | 4.3 | 4.3 | 10y ago | Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u11… |
| CVE-2017-12340 | medium | 4.2 | 4.2 | 9y ago | A vulnerability in Cisco NX-OS System Software running on Cisco MDS Multilayer Director Switches, Cisco Nexus 7000 Series Switches, and Cisco Nexus 7700 Series Switches could allow an authenticated, … |
| CVE-2017-12336 | medium | 4.2 | 4.2 | 9y ago | A vulnerability in the TCL scripting subsystem of Cisco NX-OS System Software could allow an authenticated, local attacker to escape the interactive TCL shell and gain unauthorized access to the unde… |
| CVE-2017-8196 | medium | 4.2 | 4.2 | 9y ago | FusionSphere V100R006C00SPC102(NFV) has an incorrect authorization vulnerability. An authenticated attacker could execute commands that he/she should have had no permission to perform, thereby queryi… |
| CVE-2017-13679 | medium | 4.2 | 4.2 | 9y ago | A denial of service (DoS) attack in Symantec Encryption Desktop before SED 10.4.1 MP2HF1 allows remote attackers to make a particular machine or network resource unavailable to its intended users by … |
| CVE-2017-13675 | medium | 4.2 | 4.2 | 9y ago | A denial of service (DoS) attack in Symantec Endpoint Encryption before SEE 11.1.3HF2 allows remote attackers to make a particular machine or network resource unavailable to its intended users by tem… |
| CVE-2017-12266 | medium | 4.2 | 4.2 | 9y ago | A vulnerability in the routine that loads DLL files in Cisco Meeting App for Windows could allow an authenticated, local attacker to run an executable file with privileges equivalent to those of Cisc… |
| CVE-2017-8754 | medium | 4.2 | 4.2 | 9y ago | Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to trick a user into loading a page containing malicious content, due to the way that the Edg… |
| CVE-2017-3652 | medium | 4.2 | 4.2 | 9y ago | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Diffic… |
| CVE-2017-6770 | medium | 4.2 | 4.2 | 9y ago | Cisco IOS 12.0 through 15.6, Adaptive Security Appliance (ASA) Software 7.0.1 through 9.7.1.2, NX-OS 4.0 through 12.0, and IOS XE 3.6 through 3.18 are affected by a vulnerability involving the Open S… |
| CVE-2017-3509 | medium | 4.2 | 4.2 | 9y ago | Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u12… |
| CVE-2017-3477 | medium | 4.2 | 4.2 | 9y ago | Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Miscellaneous). Supported versions that are affected are 12.0.0 and 12.1.0. Dif… |
| CVE-2017-0140 | medium | 4.2 | 4.2 | 9y ago | Microsoft Edge allows remote attackers to bypass the Same Origin Policy for HTML elements in other browser windows, aka "Microsoft Edge Security Feature Bypass Vulnerability." This vulnerability is d… |
| CVE-2017-0135 | medium | 4.2 | 4.2 | 9y ago | Microsoft Edge allows remote attackers to bypass the Same Origin Policy for HTML elements in other browser windows, aka "Microsoft Edge Security Feature Bypass Vulnerability." This vulnerability is d… |
| CVE-2017-0066 | medium | 4.2 | 4.2 | 9y ago | Microsoft Edge allows remote attackers to bypass the Same Origin Policy for HTML elements in other browser windows, aka "Microsoft Edge Security Feature Bypass Vulnerability." This vulnerability is d… |
| CVE-2017-10268 | medium | 4.1 | 4.1 | 9y ago | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.19 and earlier… |
| CVE-2017-12361 | medium | 4.0 | 4.0 | 9y ago | A vulnerability in Cisco Jabber for Windows could allow an unauthenticated, local attacker to access sensitive communications made by the Jabber client. An attacker could exploit this vulnerability t… |
| CVE-2017-10317 | medium | 4.0 | 4.0 | 9y ago | Vulnerability in the Oracle Hospitality Suite8 component of Oracle Hospitality Applications (subcomponent: WebConnect). Supported versions that are affected are 8.10.1 and 8.10.2. Easily exploitable … |
| CVE-2017-10295 | medium | 4.0 | 4.0 | 9y ago | Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Em… |
| CVE-2017-10220 | medium | 4.0 | 4.0 | 9y ago | Vulnerability in the Hospitality Property Interfaces component of Oracle Hospitality Applications (subcomponent: Parser). The supported version that is affected is 8.10.x. Easily exploitable vulnerab… |
| CVE-2017-10213 | medium | 4.0 | 4.0 | 9y ago | Vulnerability in the Hospitality Suite8 component of Oracle Hospitality Applications (subcomponent: WebConnect). The supported version that is affected is 8.10.x. Easily exploitable vulnerability all… |
| CVE-2017-11671 | medium | 4.0 | 4.0 | 9y ago | Under certain circumstances, the ix86_expand_builtin function in i386.c in GNU Compiler Collection (GCC) version 4.6, 4.7, 4.8, 4.9, 5 before 5.5, and 6 before 6.4 will generate instruction sequences… |
| CVE-2017-1000369 | medium | 4.0 | 4.0 | 9y ago | Exim supports the use of multiple "-p" command line arguments which are malloc()'ed and never free()'ed, used in conjunction with other issues allows attackers to cause arbitrary code execution. This… |
| CVE-2017-9117 | medium | 4.0 | 4.0 | 9y ago | In LibTIFF 4.0.6 and possibly other versions, the program processes BMP images without verifying that biWidth and biHeight in the bitmap-information header match the actual input, as demonstrated by … |
| CVE-2017-7937 | medium | 4.0 | 4.0 | 9y ago | An Improper Authentication issue was discovered in Phoenix Contact GmbH mGuard firmware versions 8.3.0 to 8.4.2. An attacker may be able to gain unauthorized access to the user firewall when RADIUS s… |
| CVE-2017-3793 | medium | 4.0 | 4.0 | 9y ago | A vulnerability in the TCP normalizer of Cisco Adaptive Security Appliance (ASA) Software (8.0 through 8.7 and 9.0 through 9.6) and Cisco Firepower Threat Defense (FTD) Software could allow an unauth… |
| CVE-2017-5967 | medium | 4.0 | 4.0 | 9y ago | The time subsystem in the Linux kernel through 4.9.9, when CONFIG_TIMER_STATS is enabled, allows local users to discover real PID values (as distinguished from PID values inside a PID namespace) by r… |
| CVE-2017-3318 | medium | 4.0 | 4.0 | 10y ago | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Error Handling). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earl… |
| CVE-2017-3317 | medium | 4.0 | 4.0 | 10y ago | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Logging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult … |
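The severity buckets in the header (critical/high/medium/low) and the per-row Severity labels are derived from the CVSS score using the CVSS v3.x qualitative rating bands (0.1-3.9 low, 4.0-6.9 medium, 7.0-8.9 high, 9.0-10.0 critical), which is why every row on this page with a score of 4.0 to 4.3 is labelled medium. The script below is an added example, not code from the page or the database behind it: it parses rows in the listing's own pipe-delimited layout, recomputes the band from the score, flags any row whose label disagrees with its score (or whose CVE id is malformed), and reproduces the header-style count and "% Critical" figure. The sample table is constructed for offline use from four rows copied from the listing above, with descriptions shortened.

```python
import re
from collections import Counter

# Constructed sample in the listing's own table layout: four rows copied from
# the table above (descriptions shortened), used as offline input for the checks.
SAMPLE_TABLE = """\
| CVE | Severity | CVSS | Risk | Published | Description |
|---|---|---|---|---|---|
| CVE-2017-0888 | medium | 4.3 | 4.3 | 9y ago | Nextcloud Server before 9.0.55 and 10.0.2 suffers from a Content-Spoofing vulnerability in the "files" app. |
| CVE-2017-5524 | medium | 4.3 | 4.3 | 9y ago | Plone 4.x through 4.3.11 and 5.x through 5.0.6 allow remote attackers to bypass a sandbox protection mechanism. |
| CVE-2017-11671 | medium | 4.0 | 4.0 | 9y ago | Under certain circumstances, the ix86_expand_builtin function in i386.c in GCC will generate instruction sequences... |
| CVE-2017-3317 | medium | 4.0 | 4.0 | 10y ago | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Logging). |
"""

CVE_ID = re.compile(r"^CVE-\d{4}-\d{4,}$")


def severity_for(score: float) -> str:
    """CVSS v3.x qualitative rating bands (FIRST). The listing has no 'none'
    bucket, so a 0.0 score maps to 'none' and will surface as a mismatch."""
    if score >= 9.0:
        return "critical"
    if score >= 7.0:
        return "high"
    if score >= 4.0:
        return "medium"
    if score >= 0.1:
        return "low"
    return "none"


def parse_table(text: str) -> list[dict]:
    """Parse a pipe-delimited markdown table into row dicts keyed by the
    lower-cased header names; the CVSS cell is converted to float."""
    lines = [l for l in text.splitlines() if l.startswith("|")]
    header = [h.strip().lower() for h in lines[0].strip("|").split("|")]
    rows = []
    for line in lines[2:]:  # skip the header row and the |---| separator
        cells = [c.strip() for c in line.strip("|").split("|")]
        # A description may itself contain '|': fold overflow cells back into it.
        if len(cells) > len(header):
            cells = cells[:len(header) - 1] + ["|".join(cells[len(header) - 1:])]
        row = dict(zip(header, cells))
        row["cvss"] = float(row["cvss"])
        rows.append(row)
    return rows


def find_mismatches(rows: list[dict]) -> list[tuple[str, str, str]]:
    """Return (cve, label_on_page, expected_band) for rows whose Severity label
    disagrees with the band their CVSS falls in; malformed ids get 'bad-id'."""
    out = []
    for r in rows:
        if not CVE_ID.match(r["cve"]):
            out.append((r["cve"], r["severity"], "bad-id"))
            continue
        expected = severity_for(r["cvss"])
        if r["severity"].lower() != expected:
            out.append((r["cve"], r["severity"], expected))
    return out


def summarize(rows: list[dict]) -> dict:
    """Recompute the header block: per-band counts and the critical share."""
    counts = Counter(severity_for(r["cvss"]) for r in rows)
    total = len(rows)
    pct = round(100 * counts["critical"] / total, 1) if total else 0.0
    return {"total": total, "counts": dict(counts), "pct_critical": pct}


if __name__ == "__main__":
    parsed = parse_table(SAMPLE_TABLE)
    print(summarize(parsed))
    print("mismatches:", find_mismatches(parsed))
```

Run against the full listing, `find_mismatches` is the check worth keeping: a feed that labels a 4.0 as low, or a 9.0 as high, is using CVSS v2 bands (which have no critical tier) or a hand-edited label, and either one silently changes which items a severity-based SLA picks up.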