CVEs from 2017
Total
11,796
critical
critical 1,647
high
high 5,043
medium
medium 4,165
low
low 159
% Critical
14.0%
% with KEV
0.7%
% with exploit
0.8%
Top vendors
Top products
- imagemagick 1,426
- joomla\! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2017-5030 | critical | — | 10.0 | 4y ago | multiple issues in chromium | |
| CVE-2017-5070 | critical | — | 10.0 | 4y ago | multiple issues in chromium | |
| CVE-2017-9841 | critical | — | 10.0 | 4y ago | PHPUnit allows remote attackers to execute arbitrary PHP code via HTTP POST data beginning with a "<?php " substring, as demonstrated by an attack on a site with an exposed /vendor folder, i.e., exte… | |
| CVE-2017-9417 | critical | 9.8 | 9.8 | 9y ago | Broadcom BCM43xx Wi-Fi chips allow remote attackers to execute arbitrary code via unspecified vectors, aka the "Broadpwn" issue. | |
| CVE-2017-1000253 | unknown | — | 1.5 | 2y ago | Linux distributions that have not patched their long-term kernels with https://git.kernel.org/linus/a87938b2e246b81b4fb713edb371a9fa3c5c3c86 (committed on April 14, 2015). This kernel vulnerability w… | |
| CVE-2017-12617 | unknown | — | 1.5 | 4y ago | Unrestricted Upload of File with Dangerous Type Apache Tomcat | |
| CVE-2017-9791 | unknown | — | 1.5 | 4y ago | Code execution in Apache Struts 1 plugin | |
| CVE-2017-1000353 | unknown | — | 1.5 | 4y ago | Deserialization of Untrusted Data in Jenkins | |
| CVE-2017-1000486 | unknown | — | 1.5 | 5y ago | Inadequate Encryption Strength | |
| CVE-2017-5638 | unknown | — | 1.5 | 8y ago | Apache Struts vulnerable to remote arbitrary command execution due to improper input validation | |
| CVE-2017-12615 | unknown | — | 1.5 | 8y ago | When running Apache Tomcat on Windows with HTTP PUTs enabled it was possible to upload a JSP file to the server | |
| CVE-2017-9805 | unknown | — | 1.5 | 8y ago | REST Plugin in Apache Struts uses an XStreamHandler with an instance of XStream for deserialization without any type filtering | |
| CVE-2017-13216 | unknown | — | 1.0 | — | In ashmem_ioctl of ashmem.c, there is an out-of-bounds write due to insufficient locking when accessing asma. This could lead to a local elevation of privilege enabling code execution as a privileged… |