CVEs from 2017
Total: 11,681
- critical 1,647
- high 5,041
- medium 4,168
- low 159

% Critical: 14.1%
% with KEV: 0.7%
% with exploit: 9.8%
Top vendors
Top products
- imagemagick 1,426
- joomla! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Published | Description |
|---|---|---|---|---|---|
| CVE-2017-1196 | critical | 9.8 | 9.8 | 9y ago | IBM BigFix Compliance (TEMA SUAv1 SCA SCM) 1.9.70 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID:… | |||
| CVE-2017-9462 | high | 8.8 | 9.8 | 9y ago | In Mercurial before 4.1.3, "hg serve --stdio" allows remote authenticated users to launch the Python debugger, and consequently execute arbitrary code, by using --debugger as a repository name. | |||
| CVE-2017-9436 | critical | 9.8 | 9.8 | 9y ago | TeamPass SQL injection in users.queries.php | |||
| CVE-2017-9435 | critical | 9.8 | 9.8 | 9y ago | Dolibarr ERP and CRM SQLi | |||
| CVE-2017-8836 | high | 8.8 | 9.8 | 9y ago | CSRF exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. The CGI scripts in the administrative inte… | |||
| CVE-2017-9433 | critical | 9.8 | 9.8 | 9y ago | Document Liberation Project libmwaw before 2017-04-08 has an out-of-bounds write caused by a heap-based buffer overflow related to the MsWrd1Parser::readFootnoteCorrespondance function in lib/MsWrd1P… | |||
| CVE-2017-9432 | critical | 9.8 | 9.8 | 9y ago | Document Liberation Project libstaroffice before 2017-04-07 has an out-of-bounds write caused by a stack-based buffer overflow related to the DatabaseName::read function in lib/StarWriterStruct.cxx. | |||
| CVE-2017-9431 | critical | 9.8 | 9.8 | 9y ago | Google gRPC before 2017-04-05 has an out-of-bounds write caused by a heap-based buffer overflow related to core/lib/iomgr/error.c. | |||
| CVE-2017-9380 | high | 8.8 | 9.8 | 9y ago | OpenEMR 5.0.0 and prior allows low-privilege users to upload files of dangerous types which can result in arbitrary code execution within the context of the vulnerable application. | |||
| CVE-2017-9364 | critical | 9.8 | 9.8 | 9y ago | Unrestricted File Upload exists in BigTree CMS through 4.2.18: if an attacker uploads an 'xxx.pht' or 'xxx.phtml' file, they could bypass a safety check and execute any code. | |||
| CVE-2017-9363 | critical | 9.8 | 9.8 | 9y ago | Untrusted Java serialization in Soffid IAM console before 1.7.5 allows remote attackers to achieve arbitrary remote code execution via a crafted authentication request. | |||
| CVE-2017-9360 | critical | 9.8 | 9.8 | 9y ago | WebsiteBaker v2.10.0 has a SQL injection vulnerability in /account/details.php. | |||
| CVE-2017-9294 | critical | 9.8 | 9.8 | 9y ago | RMI vulnerability in Hitachi Device Manager before 8.5.2-01 allows remote attackers to execute internal commands without authentication via RMI ports. | |||
| CVE-2017-9148 | critical | 9.8 | 9.8 | 9y ago | The TLS session cache in FreeRADIUS 2.1.1 through 2.1.7, 3.0.x before 3.0.14, 3.1.x before 2017-02-04, and 4.0.x before 2017-02-04 fails to reliably prevent resumption of an unauthenticated session, … | |||
| CVE-2017-7915 | critical | 9.8 | 9.8 | 9y ago | An Improper Restriction of Excessive Authentication Attempts issue was discovered in Moxa OnCell G3110-HSPA Version 1.3 build 15082117 and previous versions, OnCell G3110-HSDPA Version 1.2 Build 0912… | |||
| CVE-2017-7913 | critical | 9.8 | 9.8 | 9y ago | A Plaintext Storage of a Password issue was discovered in Moxa OnCell G3110-HSPA Version 1.3 build 15082117 and previous versions, OnCell G3110-HSDPA Version 1.2 Build 09123015 and previous versions,… | |||
| CVE-2017-9265 | critical | 9.8 | 9.8 | 9y ago | In Open vSwitch (OvS) v2.7.0, there is a buffer over-read while parsing the group mod OpenFlow message sent from the controller in `lib/ofp-util.c` in the function `ofputil_pull_ofp15_group_mod`. | |||
| CVE-2017-9264 | critical | 9.8 | 9.8 | 9y ago | In lib/conntrack.c in the firewall implementation in Open vSwitch (OvS) 2.6.1, there is a buffer over-read while parsing malformed TCP, UDP, and IPv6 packets in the functions `extract_l3_ipv6`, `extr… | |||
| CVE-2017-9034 | critical | 9.8 | 9.8 | 9y ago | Trend Micro ServerProtect for Linux 3.0 before CP 1531 allows attackers to write to arbitrary files and consequently execute arbitrary code with root privileges by leveraging failure to validate soft… | |||
| CVE-2017-9228 | critical | 9.8 | 9.8 | 9y ago | An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write occurs in bitset_set_range() during regular ex… | |||
| CVE-2017-9227 | critical | 9.8 | 9.8 | 9y ago | An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in mbc_enc_len() during regular express… | |||
| CVE-2017-9226 | critical | 9.8 | 9.8 | 9y ago | An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write or read occurs in next_state_val() during regu… | |||
| CVE-2017-9225 | critical | 9.8 | 9.8 | 9y ago | An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds write in onigenc_unicode_get_case_fold_codes_by_str… | |||
| CVE-2017-9224 | critical | 9.8 | 9.8 | 9y ago | An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in match_at() during regular expression… | |||
| CVE-2017-2801 | critical | 9.8 | 9.8 | 9y ago | A programming error exists in a way Randombit Botan cryptographic library version 2.0.1 implements x500 string comparisons which could lead to certificate verification issues and abuse. A specially c… | |||
| CVE-2017-9214 | critical | 9.8 | 9.8 | 9y ago | In Open vSwitch (OvS) 2.7.0, while parsing an OFPT_QUEUE_GET_CONFIG_REPLY type OFP 1.0 message, there is a buffer over-read that is caused by an unsigned integer underflow in the function `ofputil_pu… | |||
| CVE-2017-6131 | critical | 9.8 | 9.8 | 9y ago | In some circumstances, an F5 BIG-IP version 12.0.0 to 12.1.2 and 13.0.0 Azure cloud instance may contain a default administrative password which could be used to remotely log into the BIG-IP system. … | |||
| CVE-2017-9200 | critical | 9.8 | 9.8 | 9y ago | libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in input-tga.c:528:63. | |||
| CVE-2017-9199 | critical | 9.8 | 9.8 | 9y ago | libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in input-tga.c:192:19. | |||
| CVE-2017-9198 | critical | 9.8 | 9.8 | 9y ago | libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in input-tga.c:508:18. | |||
| CVE-2017-9197 | critical | 9.8 | 9.8 | 9y ago | libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in input-tga.c:498:55. | |||
| CVE-2017-9196 | critical | 9.8 | 9.8 | 9y ago | libautotrace.a in AutoTrace 0.31.1 has a "negative-size-param" issue in the ReadImage function in input-tga.c:528:7. | |||
| CVE-2017-9195 | critical | 9.8 | 9.8 | 9y ago | libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in the ReadImage function in input-tga.c:620:27. | |||
| CVE-2017-9194 | critical | 9.8 | 9.8 | 9y ago | libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in the ReadImage function in input-tga.c:559:29. | |||
| CVE-2017-9193 | critical | 9.8 | 9.8 | 9y ago | libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in the ReadImage function in input-tga.c:538:33. | |||
| CVE-2017-9192 | critical | 9.8 | 9.8 | 9y ago | libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in the ReadImage function in input-tga.c:528:7. | |||
| CVE-2017-9191 | critical | 9.8 | 9.8 | 9y ago | libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in the rle_fread function in input-tga.c:252:15. | |||
| CVE-2017-9188 | critical | 9.8 | 9.8 | 9y ago | libautotrace.a in AutoTrace 0.31.1 has a "left shift ... cannot be represented in type int" issue in input-bmp.c:516:63. | |||
| CVE-2017-9187 | critical | 9.8 | 9.8 | 9y ago | libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in input-bmp.c:486:7. | |||
| CVE-2017-9186 | critical | 9.8 | 9.8 | 9y ago | libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in input-bmp.c:326:17. | |||
| CVE-2017-9185 | critical | 9.8 | 9.8 | 9y ago | libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in input-bmp.c:319:7. | |||
| CVE-2017-9184 | critical | 9.8 | 9.8 | 9y ago | libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in input-bmp.c:314:7. | |||
| CVE-2017-9183 | critical | 9.8 | 9.8 | 9y ago | libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in input-bmp.c:309:7. | |||
| CVE-2017-9173 | critical | 9.8 | 9.8 | 9y ago | libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in the ReadImage function in input-bmp.c:497:29. | |||
| CVE-2017-9172 | critical | 9.8 | 9.8 | 9y ago | libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in the ReadImage function in input-bmp.c:496:29. | |||
| CVE-2017-9171 | critical | 9.8 | 9.8 | 9y ago | libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in the ReadImage function in input-bmp.c:492:24. | |||
| CVE-2017-9170 | critical | 9.8 | 9.8 | 9y ago | libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in the ReadImage function in input-bmp.c:370:25. | |||
| CVE-2017-9169 | critical | 9.8 | 9.8 | 9y ago | libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in the ReadImage function in input-bmp.c:355:25. | |||
| CVE-2017-9168 | critical | 9.8 | 9.8 | 9y ago | libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in the ReadImage function in input-bmp.c:353:25. | |||
| CVE-2017-9167 | critical | 9.8 | 9.8 | 9y ago | libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in the ReadImage function in input-bmp.c:337:25. | |||
| CVE-2017-9166 | critical | 9.8 | 9.8 | 9y ago | libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in the GET_COLOR function in color.c:18:11. | |||
| CVE-2017-9165 | critical | 9.8 | 9.8 | 9y ago | libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in the GET_COLOR function in color.c:17:11. | |||
| CVE-2017-9164 | critical | 9.8 | 9.8 | 9y ago | libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in the GET_COLOR function in color.c:16:11. | |||
| CVE-2017-9163 | critical | 9.8 | 9.8 | 9y ago | libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in pxl-outline.c:106:54. | |||
| CVE-2017-9162 | critical | 9.8 | 9.8 | 9y ago | libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in autotrace.c:191:2. | |||
| CVE-2017-9161 | critical | 9.8 | 9.8 | 9y ago | libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in autotrace.c:188:23. | |||
| CVE-2017-9160 | critical | 9.8 | 9.8 | 9y ago | libautotrace.a in AutoTrace 0.31.1 has a stack-based buffer overflow in the pnmscanner_gettoken function in input-pnm.c:458:12. | |||
| CVE-2017-9153 | critical | 9.8 | 9.8 | 9y ago | libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in the pnm_load_rawpbm function in input-pnm.c:391:13. | |||
| CVE-2017-9152 | critical | 9.8 | 9.8 | 9y ago | libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in the pnm_load_raw function in input-pnm.c:346:41. | |||
| CVE-2017-9151 | critical | 9.8 | 9.8 | 9y ago | libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in the pnm_load_ascii function in input-pnm.c:303:12. | |||
| CVE-2017-6821 | critical | 9.8 | 9.8 | 9y ago | Directory traversal vulnerability in Zimbra Collaboration Suite (aka ZCS) before 8.7.6 allows attackers to have unspecified impact via unknown vectors. | |||
| CVE-2017-6813 | critical | 9.8 | 9.8 | 9y ago | A service provided by Zimbra Collaboration Suite (ZCS) before 8.7.6 fails to require needed privileges before performing a few requested operations. | |||
| CVE-2017-6984 | high | 8.8 | 9.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. iTunes before 12.6.1 on Windows is affected. tvOS before 10.2.1 is affected. The is… | |||
| CVE-2017-6980 | high | 8.8 | 9.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the "WebKit" component. It allow… | |||
| CVE-2017-2547 | high | 8.8 | 9.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute ar… | |||
| CVE-2017-2536 | high | 8.8 | 9.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the "WebKit" component. It allow… | |||
| CVE-2017-2531 | high | 8.8 | 9.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the "WebKit" component. It allow… | |||
| CVE-2017-2521 | high | 8.8 | 9.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involve… | |||
| CVE-2017-2520 | critical | 9.8 | 9.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involve… | |||
| CVE-2017-2519 | critical | 9.8 | 9.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involve… | |||
| CVE-2017-2518 | critical | 9.8 | 9.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involve… | |||
| CVE-2017-2515 | high | 8.8 | 9.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the "WebKit" component. It allow… | |||
| CVE-2017-2514 | high | 8.8 | 9.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute ar… | |||
| CVE-2017-2513 | critical | 9.8 | 9.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involve… | |||
| CVE-2017-9119 | critical | 9.8 | 9.8 | 9y ago | The i_zval_ptr_dtor function in Zend/zend_variables.h in PHP 7.1.5 allows attackers to cause a denial of service (memory consumption and application crash) or possibly have unspecified other impact b… | |||
| CVE-2017-7504 | critical | 9.8 | 9.8 | 9y ago | HTTPServerILServlet.java in JMS over HTTP Invocation Layer of the JbossMQ implementation, which is enabled by default in Red Hat Jboss Application Server <= Jboss 4.X does not restrict the classes fo… | |||
| CVE-2017-9080 | high | 8.8 | 9.8 | 9y ago | PlaySMS 1.4 allows remote code execution because PHP code in the name of an uploaded .php file is executed. sendfromfile.php has a combination of Unrestricted File Upload and Code Injection. | |||
| CVE-2017-6048 | high | 8.8 | 9.8 | 9y ago | A Command Injection issue was discovered in Satel Iberia SenNet Data Logger and Electricity Meters: SenNet Optimal DataLogger V5.37c-1.43c and prior, SenNet Solar Datalogger V5.03-1.56a and prior, an… | |||
| CVE-2017-6027 | critical | 9.8 | 9.8 | 9y ago | An Arbitrary File Upload issue was discovered in 3S-Smart Software Solutions GmbH CODESYS Web Server. The following versions of CODESYS Web Server, part of the CODESYS WebVisu web browser visualizati… | |||
| CVE-2017-6025 | critical | 9.8 | 9.8 | 9y ago | A Stack Buffer Overflow issue was discovered in 3S-Smart Software Solutions GmbH CODESYS Web Server. The following versions of CODESYS Web Server, part of the CODESYS WebVisu web browser visualizatio… | |||
| CVE-2017-7503 | critical | 9.8 | 9.8 | 9y ago | It was found that the Red Hat JBoss EAP 7.0.5 implementation of javax.xml.transform.TransformerFactory is vulnerable to XXE. An attacker could use this flaw to launch DoS or SSRF attacks, or read fil… | |||
| CVE-2017-9058 | critical | 9.8 | 9.8 | 9y ago | In libytnef in ytnef through 1.9.2, there is a heap-based buffer over-read due to incorrect boundary checking in the SIZECHECK macro in lib/ytnef.c. | |||
| CVE-2017-9055 | critical | 9.8 | 9.8 | 9y ago | An issue, also known as DW201703-001, was discovered in libdwarf 2017-03-21. In dwarf_formsdata() a few data types were not checked for being in bounds, leading to a heap-based buffer over-read. | |||
| CVE-2017-9054 | critical | 9.8 | 9.8 | 9y ago | An issue, also known as DW201703-002, was discovered in libdwarf 2017-03-21. In _dwarf_decode_s_leb128_chk() a byte pointer was dereferenced just before it was checked for being in bounds, leading to… | |||
| CVE-2017-9052 | critical | 9.8 | 9.8 | 9y ago | An issue, also known as DW201703-006, was discovered in libdwarf 2017-03-21. A heap-based buffer over-read in dwarf_formsdata() is due to a failure to check a pointer for being in bounds (in a few pl… | |||
| CVE-2017-9051 | critical | 9.8 | 9.8 | 9y ago | libav before 12.1 is vulnerable to an invalid read of size 1 due to NULL pointer dereferencing in the nsv_read_chunk function in libavformat/nsvdec.c. | |||
| CVE-2017-6195 | critical | 9.8 | 9.8 | 9y ago | Ipswitch MOVEit Transfer (formerly DMZ) allows pre-authentication blind SQL injection. The fixed versions are MOVEit Transfer 2017 9.0.0.201, MOVEit DMZ 8.3.0.30, and MOVEit DMZ 8.2.0.20. | |||
| CVE-2017-9031 | critical | 9.8 | 9.8 | 9y ago | The WebUI component in Deluge before 1.3.15 contains a directory traversal vulnerability involving a request in which the name of the render file is not associated with any template file. | |||
| CVE-2017-5215 | critical | 9.8 | 9.8 | 9y ago | The Codextrous B2J Contact (aka b2j_contact) extension before 2.1.13 for Joomla! allows a rename attack that bypasses a "safe file extension" protection mechanism, leading to remote code execution. | |||
| CVE-2017-9026 | critical | 9.8 | 9.8 | 9y ago | Stack buffer overflow in vshttpd (aka ioos) in HooToo Trip Mate 6 (TM6) firmware 2.000.030 and earlier allows remote unauthenticated attackers to control the program counter via a specially crafted f… | |||
| CVE-2017-6079 | critical | 9.8 | 9.8 | 9y ago | The HTTP web-management application on Edgewater Networks Edgemarc appliances has a hidden page that allows for user-defined commands such as specific iptables routes, etc., to be set. You can use th… | |||
| CVE-2017-6886 | critical | 9.8 | 9.8 | 9y ago | An error within the "parse_tiff_ifd()" function (internal/dcraw_common.cpp) in LibRaw versions before 0.18.2 can be exploited to corrupt memory. | |||
| CVE-2017-6885 | critical | 9.8 | 9.8 | 9y ago | An error when handling certain external commands and services related to the FlexNet Inventory Agent and FlexNet Beacon of the Flexera Software FlexNet Manager Suite 2017 before 2017 R1 and 2014 R3 t… | |||
| CVE-2017-7952 | high | 8.8 | 9.8 | 9y ago | INFOR EAM V11.0 Build 201410 has SQL injection via search fields, related to the filtervalue parameter. | |||
| CVE-2017-6890 | critical | 9.8 | 9.8 | 9y ago | A boundary error within the "foveon_load_camf()" function (dcraw_foveon.c) when initializing a huffman table in LibRaw-demosaic-pack-GPL2 before 0.18.2 can be exploited to cause a stack-based buffer … | |||
| CVE-2017-6889 | critical | 9.8 | 9.8 | 9y ago | An integer overflow error within the "foveon_load_camf()" function (dcraw_foveon.c) in LibRaw-demosaic-pack-GPL2 before 0.18.2 can be exploited to cause a heap-based buffer overflow. | |||
| CVE-2017-0252 | critical | 9.8 | 9.8 | 9y ago | ChakraCore RCE Vulnerability | |||
| CVE-2017-0223 | critical | 9.8 | 9.8 | 9y ago | ChakraCore RCE Vulnerability | |||
| CVE-2017-8928 | high | 8.8 | 9.8 | 9y ago | mailcow 0.14, as used in "mailcow: dockerized" and other products, has CSRF. | |||
| CVE-2017-8923 | critical | 9.8 | 9.8 | 9y ago | RHSA-2023:2903: php:7.4 security update (Moderate) |