CVEs from 2017

11,979 normalized CVEs published or assigned in this year.

Total

11,979

critical

critical 1,647

high

high 5,043

medium

medium 4,165

low

low 159

% Critical

13.7%

% with KEV

0.7%

% with exploit

0.7%

Top vendors

ibm 4,028
oracle 3,315
apache 1,513
imagemagick 1,426
cisco 1,376
f5 1,265
microsoft 1,181
adobe 1,082

Top products

imagemagick 1,426
joomla\! 932
kanboard 848
ntp 762
tomcat 676
mahara 572
postgresql 490
asterisk 435

Top packages

critical high medium low unknown

0

KEV Has exploit

CVE	Severity	CVSS	Risk	Published	Description	Impact
CVE-2017-7494	high	—	9.5	3y ago	Samba contains a remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share and then cause the server to load and execute it.
CVE-2017-8291	high	—	9.5	4y ago	Artifex Ghostscript allows -dSAFER bypass and remote command execution via .rsdparams type confusion with a "/OutputFile.
CVE-2017-16651	high	—	9.5	5y ago	Roundcube Webmail before 1.1.10, 1.2.x before 1.2.7, and 1.3.x before 1.3.3 allows unauthorized access to arbitrary files on the host's filesystem, including configuration files, as exploited in the …