CVEs from 2017
Total
11,979
critical
critical 1,647
high
high 5,043
medium
medium 4,165
low
low 159
% Critical
13.7%
% with KEV
0.7%
% with exploit
0.8%
Top vendors
Top products
- imagemagick 1,426
- joomla\! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 490
- asterisk 435
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2017-2739 | low | 3.1 | 3.1 | 9y ago | The upgrade package of Huawei Vmall APP Earlier than HwVmall 1.5.3.0 versions is transferred through HTTP. A man in the middle (MITM) can tamper with the upgrade package of Huawei Vmall APP, and to i… | |
| CVE-2017-11874 | low | 3.1 | 3.1 | 9y ago | Microsoft Edge in Microsoft Windows 10 1703, 1709, Windows Server, version 1709, and ChakraCore allows an attacker to bypass Control Flow Guard (CFG) to run arbitrary code on a target system, due to … | |
| CVE-2017-11833 | low | 3.1 | 3.1 | 9y ago | Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to determine the origin of all webpages in the affected br… | |
| CVE-2017-11791 | low | 3.1 | 3.1 | 9y ago | ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Microsoft Edge and Internet Explorer i… | |
| CVE-2017-10399 | low | 3.1 | 3.1 | 9y ago | Vulnerability in the Oracle Hospitality Cruise Fleet Management component of Oracle Hospitality Applications (subcomponent: GangwayActivityWebApp). The supported version that is affected is 9.0.2.0. … | |
| CVE-2017-10345 | low | 3.1 | 3.1 | 9y ago | Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE… | |
| CVE-2017-1000114 | low | 3.1 | 3.1 | 9y ago | Exposure of Sensitive Information in Jenkins Datadog plugin | |
| CVE-2017-12973 | low | 3.1 | 3.1 | 9y ago | Nimbus JOSE+JWT vulnerable to padding oracle attack | |
| CVE-2017-3653 | low | 3.1 | 3.1 | 9y ago | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Diffic… | |
| CVE-2017-10193 | low | 3.1 | 3.1 | 9y ago | Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131.… | |
| CVE-2017-3626 | low | 3.1 | 3.1 | 9y ago | Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Java Server Faces). The supported version that is affected is 3.1.2. Difficult to exploit vulnerabili… | |
| CVE-2017-3603 | low | 3.1 | 3.1 | 9y ago | Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI). Supported versions that are affected are 11.1.1.8.0, 12.2.1.0.0, 12.2.1.1.0 and 12.2.1.2… | |
| CVE-2017-3598 | low | 3.1 | 3.1 | 9y ago | Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI). Supported versions that are affected are 11.1.1.8.0, 12.2.1.0.0, 12.2.1.1.0 and 12.2.1.2… | |
| CVE-2017-3539 | low | 3.1 | 3.1 | 9y ago | Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121.… | |
| CVE-2017-3490 | low | 3.1 | 3.1 | 9y ago | Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral Management component of Oracle Financial Services Applications (subcomponent: Limits and Collateral). Supported versions that are… | |
| CVE-2017-3487 | low | 3.1 | 3.1 | 9y ago | Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Unit Trust). Supported versions that are affected are 12.0.1, 12.0.2, 12.0.3… | |
| CVE-2017-3468 | low | 3.1 | 3.1 | 9y ago | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.7.17 and earlier. Difficult to exploit vulnerabili… | |
| CVE-2017-3307 | low | 3.1 | 3.1 | 9y ago | Vulnerability in the MySQL Enterprise Monitor component of Oracle MySQL (subcomponent: Monitoring: Server). Supported versions that are affected are 3.1.6.8003 and earlier, 3.2.1182 and earlier and 3… | |
| CVE-2017-5190 | low | 3.1 | 3.1 | 9y ago | NetIQ Access Manager 4.2 before SP3 HF1 and 4.3 before SP1 HF1, when configured as a SAML 2.0 Identity Server with Virtual Attributes, has a concurrency issue causing information leakage, related to … | |
| CVE-2017-2383 | low | 3.1 | 3.1 | 9y ago | An issue was discovered in certain Apple products. iCloud before 6.2 on Windows is affected. iTunes before 12.6 on Windows is affected. The issue involves cleartext client-certificate transmission in… | |
| CVE-2017-0042 | low | 3.1 | 3.1 | 9y ago | Windows Media Player in Microsoft Windows 8.1; Windows Server 2012 R2; Windows RT 8.1; Windows 7 SP1; Windows 2008 SP2 and R2 SP1, Windows Server 2016; Windows Vista SP2; and Windows 10 Gold, 1511, a… | |
| CVE-2017-1150 | low | 3.1 | 3.1 | 9y ago | IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.1, 10.5, and 11.1 could allow an authenticated attacker with specialized access to tables that they should not be permitted to vie… | |
| CVE-2017-3319 | low | 3.1 | 3.1 | 10y ago | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: X Plugin). Supported versions that are affected are 5.7.16 and earlier. Difficult to exploit vulnerability allows lo… | |
| CVE-2017-3264 | low | 3.1 | 3.1 | 10y ago | Vulnerability in the Siebel UI Framework component of Oracle Siebel CRM (subcomponent: Open UI). The supported version that is affected is 16.1. Difficult to exploit vulnerability allows low privileg… | |
| CVE-2017-1124 | low | 2.9 | 2.9 | 9y ago | IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a local attacker to obtain sensitive information using HTTP Header Injection. IBM Reference #: 1998053. | |
| CVE-2017-10426 | low | 2.7 | 2.7 | 9y ago | Vulnerability in the PeopleSoft Enterprise FSCM component of Oracle PeopleSoft Products (subcomponent: Staffing Front Office). The supported version that is affected is 9.2. Easily exploitable vulner… | |
| CVE-2017-10194 | low | 2.7 | 2.7 | 9y ago | Vulnerability in the Oracle Integrated Lights Out Manager (ILOM) component of Oracle Sun Systems Products Suite (subcomponent: System Management). The supported version that is affected is Prior to 3… | |
| CVE-2017-10254 | low | 2.7 | 2.7 | 9y ago | Vulnerability in the PeopleSoft Enterprise FSCM component of Oracle PeopleSoft Products (subcomponent: Staffing Front Office). The supported version that is affected is 9.2. Easily exploitable vulner… | |
| CVE-2017-9843 | low | 2.7 | 2.7 | 9y ago | SAP NetWeaver AS ABAP 7.40 allows remote authenticated users with certain privileges to cause a denial of service (process crash) via vectors involving disp+work.exe, aka SAP Security Note 2406841. | |
| CVE-2017-9441 | low | 2.7 | 2.7 | 9y ago | Multiple cross-site scripting (XSS) vulnerabilities in BigTree CMS through 4.2.18 allow remote authenticated users to inject arbitrary web script or HTML by uploading a crafted package, triggering mi… | |
| CVE-2017-5930 | low | 2.7 | 2.7 | 9y ago | The AliasHandler component in PostfixAdmin before 3.0.2 allows remote authenticated domain admins to delete protected aliases via the delete parameter to delete.php, involving a missing permission ch… | |
| CVE-2017-9371 | low | 2.6 | 2.6 | 9y ago | In BlackBerry QNX Software Development Platform (SDP) 6.6.0 and 6.5.0 SP1 and earlier, a loss of integrity vulnerability in the default configuration of the QNX SDP could allow an attacker being able… | |
| CVE-2017-0096 | low | 2.6 | 2.6 | 9y ago | Hyper-V in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2; Windows 7 SP1; Windows 8.1, Windows Server 2012 Gold and R2; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows gu… | |
| CVE-2017-18189 | low | — | 2.5 | — | In the startread function in xa.c in Sound eXchange (SoX) through 14.4.2, a corrupt header specifying zero channels triggers an infinite loop with a resultant NULL pointer dereference, which may allo… | |
| CVE-2017-2629 | low | — | 2.5 | — | curl before 7.53.0 has an incorrect TLS Certificate Status Request extension feature that asks for a fresh proof of the server's certificate's validity in the code that checks for a test success or f… | |
| CVE-2017-15091 | low | — | 2.5 | — | An issue has been found in the API component of PowerDNS Authoritative 4.x up to and including 4.0.4 and 3.x up to and including 3.4.11, where some operations that have an impact on the state of the … | |
| CVE-2017-11850 | low | 2.5 | 2.5 | 9y ago | Microsoft Graphics Component in Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacke… | |
| CVE-2017-11768 | low | 2.5 | 2.5 | 9y ago | Windows Media Player in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Wi… | |
| CVE-2017-1211 | low | 2.5 | 2.5 | 9y ago | IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5.1 and 5.0.2 could disclose sensitive information to a local user when logging is enabled. IBM X-Force ID: 123851. | |
| CVE-2017-1346 | low | 2.5 | 2.5 | 9y ago | IBM Business Process Manager 7.5, 8.0, and 8.5 temporarily stores files in a temporary folder during offline installs which could be read by a local user within a short timespan. IBM X-Force ID: 1264… | |
| CVE-2017-1144 | low | 2.5 | 2.5 | 9y ago | IBM WebSphere Message Broker could allow a local user with specialized access to prevent the message broker from starting. IBM X-Force ID: 122033. | |
| CVE-2017-2109 | low | 2.5 | 2.5 | 9y ago | Cybozu KUNAI for Android 3.0.4 to 3.0.5.1 allow remote attackers to obtain log information through a malicious Android application. | |
| CVE-2017-3513 | low | 2.5 | 2.5 | 9y ago | Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.0.38 and Prior to 5.1.20. Difficult to exploit v… | |
| CVE-2017-2705 | low | 2.4 | 2.4 | 9y ago | Huawei P9 smartphones with software versions earlier before EVA-AL10C00B365, versions earlier before EVA-AL00C00B365, versions earlier before EVA-CL00C92B365, versions earlier before EVA-DL00C17B365,… | |
| CVE-2017-13844 | low | 2.4 | 2.4 | 9y ago | An issue was discovered in certain Apple products. iOS before 11.1 is affected. The issue involves the "Messages" component. It allows physically proximate attackers to view arbitrary photos via a Re… | |
| CVE-2017-13805 | low | 2.4 | 2.4 | 9y ago | An issue was discovered in certain Apple products. iOS before 11.1 is affected. The issue involves the "Siri" component. It allows physically proximate attackers to obtain sensitive information via a… | |
| CVE-2017-7139 | low | 2.4 | 2.4 | 9y ago | An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "Phone" component. It allows attackers to obtain sensitive information by leveraging a timing bug … | |
| CVE-2017-7082 | low | 2.4 | 2.4 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "Screen Lock" component. It allows physically proximate attackers to read Application Firewal… | |
| CVE-2017-7058 | low | 2.4 | 2.4 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. The issue involves the "Notifications" component. It allows physically proximate attackers to read unintended notific… | |
| CVE-2017-7407 | low | 2.4 | 2.4 | 9y ago | The ourWriteOut function in tool_writeout.c in curl 7.53.1 might allow physically proximate attackers to obtain sensitive information from process memory in opportunistic circumstances by reading a w… | |
| CVE-2017-2397 | low | 2.4 | 2.4 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "Accounts" component. It allows physically proximate attackers to discover an Apple ID by readin… | |
| CVE-2017-2351 | low | 2.4 | 2.4 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. The issue involves the "WiFi" component, which allows physically proximate attackers to bypass the activation-lock pr… | |
| CVE-2017-3320 | low | 2.4 | 2.4 | 10y ago | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.7.16 and earlier. Easily exploitable vulnerability… | |
| CVE-2017-15307 | low | 2.3 | 2.3 | 9y ago | Huawei Honor 8 smartphone with software versions earlier than FRD-L04C567B389 and earlier than FRD-L14C567B389 have a permission control vulnerability due to improper authorization configuration on s… | |
| CVE-2017-8118 | low | 2.3 | 2.3 | 9y ago | The UMA product with software V200R001 and V300R001 has an information leak vulnerability. An attacker could exploit them to obtain some sensitive information, causing information leak. | |
| CVE-2017-10292 | low | 2.3 | 2.3 | 9y ago | Vulnerability in the RDBMS Security component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2 and 12.2.0.1. Easily exploitable vulnerability allows high privile… | |
| CVE-2017-3893 | low | 1.9 | 1.9 | 9y ago | In BlackBerry QNX Software Development Platform (SDP) 6.6.0, the default configuration of the QNX SDP system did not in all circumstances prevent attackers from modifying the GOT or PLT tables with b… | |
| CVE-2017-10120 | low | 1.9 | 1.9 | 9y ago | Vulnerability in the RDBMS Security component of Oracle Database Server. The supported version that is affected is 12.1.0.2. Difficult to exploit vulnerability allows high privileged attacker having … | |
| CVE-2017-10122 | low | 1.8 | 1.8 | 9y ago | Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). Supported versions that are affected are 10 and 11. Difficult to exploit vulnerability allows high … |