CVEs from 2017
| Metric | Value |
|---|---|
| Total | 11,679 |
| Critical | 1,647 |
| High | 5,041 |
| Medium | 4,168 |
| Low | 159 |
| % Critical | 14.1% |
| % with KEV | 0.7% |
| % with exploit | 9.8% |
Top vendors
Top products
- imagemagick 1,426
- joomla! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-7545 | unknown | — | — | | | | 4y ago | XML External Entity Reference in jbpmmigration |
| CVE-2017-7559 | unknown | — | — | | | | 4y ago | Undertow vulnerable to Request Smuggling |
| CVE-2017-3199 | unknown | — | — | | | | 4y ago | GraniteDS Insecure Deserialization |
| CVE-2017-3200 | unknown | — | — | | | | 4y ago | GraniteDS Insecure Deserialization |
| CVE-2017-12610 | unknown | — | — | | | | 4y ago | Improper Authentication in Apache Kafka |
| CVE-2017-15695 | unknown | — | — | | | | 4y ago | Apache Geode vulnerable to Incorrect Authorization |
| CVE-2017-1000400 | unknown | — | — | | | | 4y ago | Missing Authorization in Jenkins |
| CVE-2017-1000390 | unknown | — | — | | | | 4y ago | Jenkins Multijob plugin did not check permissions in the Resume Build action |
| CVE-2017-1000388 | unknown | — | — | | | | 4y ago | Jenkins Dependency Graph Viewer plugin vulnerable to missing permission checks |
| CVE-2017-2611 | unknown | — | — | | | | 4y ago | Incorrect Authorization in Jenkins Core |
| CVE-2017-2599 | unknown | — | — | | | | 4y ago | Incorrect Authorization in Jenkins |
| CVE-2017-12174 | unknown | — | — | | | | 4y ago | Uncontrolled Resource Consumption in Artemis and HornetQ |
| CVE-2017-1000487 | unknown | — | — | | | | 4y ago | OS Command Injection in Plexus-utils |
| CVE-2017-15709 | unknown | — | — | | | | 4y ago | ActiveMQ's OpenWire protocol exposes certain system details as plain text |
| CVE-2017-2673 | unknown | — | — | | | | 4y ago | An authorization-check flaw was discovered in federation configurations of the OpenStack Identity service (keystone). An authenticated federated user could request permissions to a project and uninte… |
| CVE-2017-7543 | unknown | — | — | | | | 4y ago | A race-condition flaw was discovered in openstack-neutron before 7.2.0-12.1, 8.x before 8.3.0-11.1, 9.x before 9.3.1-2.1, and 10.x before 10.0.2-1.1, where, following a minor overcloud update, neutro… |
| CVE-2017-2601 | unknown | — | — | | | | 4y ago | Cross-site Scripting in Jenkins |
| CVE-2017-17837 | unknown | — | — | | | | 4y ago | Cross-site Scripting in Apache DeltaSpike |
| CVE-2017-15686 | unknown | — | — | | | | 4y ago | Cross-site scripting in Crafter CMS Crafter Studio |
| CVE-2017-15684 | unknown | — | — | | | | 4y ago | Path Traversal in Crafter CMS Crafter Studio |
| CVE-2017-15685 | unknown | — | — | | | | 4y ago | XML Injection in Crafter CMS Crafter Studio 3.0.1 |
| CVE-2017-15681 | unknown | — | — | | | | 4y ago | Path Traversal in Crafter CMS Crafter Studio |
| CVE-2017-8761 | unknown | — | — | | | | 5y ago | In OpenStack Swift through 2.10.1, 2.11.0 through 2.13.0, and 2.14.0, the proxy-server logs full tempurl paths, potentially leaking reusable tempurl signatures to anyone with read access to these log… |
| CVE-2017-7957 | unknown | — | — | | | | 6y ago | Denial of service in XStream |
| CVE-2017-7536 | unknown | — | — | | | | 6y ago | Privilege Escalation in Hibernate Validator |
| CVE-2017-15703 | unknown | — | — | | | | 7y ago | Denial of service via deserialization attack in nifi |
| CVE-2017-15694 | unknown | — | — | | | | 7y ago | Argument Injection in Apache Geode server |
| CVE-2017-12619 | unknown | — | — | | | | 7y ago | Session Fixation in Apache Zeppelin |
| CVE-2017-3164 | unknown | — | — | | | | 7y ago | Server-Side Request Forgery (SSRF) in org.apache.solr:solr-core |
| CVE-2017-15718 | unknown | — | — | | | | 8y ago | Exposure of Sensitive Information in Hadoop |
| CVE-2017-15713 | unknown | — | — | | | | 8y ago | Moderate severity vulnerability that affects org.apache.hadoop:hadoop-main |
| CVE-2017-18239 | unknown | — | — | | | | 8y ago | Exposure of Sensitive information in authentikat-jwt |
| CVE-2017-18349 | unknown | — | — | | | | 8y ago | Improper Input Validation in alibaba:fastjson |
| CVE-2017-2666 | unknown | — | — | | | | 8y ago | Undertow-core vulnerable to HTTP Request Smuggling |
| CVE-2017-2670 | unknown | — | — | | | | 8y ago | Moderate severity vulnerability that affects io.undertow:undertow-core |
| CVE-2017-1000498 | unknown | — | — | | | | 8y ago | Android SVG vulnerable to XML External Entity (XXE) |
| CVE-2017-7658 | unknown | — | — | | | | 8y ago | Jetty vulnerable to authorization bypass due to inconsistent HTTP request handling (HTTP Request Smuggling) |
| CVE-2017-7656 | unknown | — | — | | | | 8y ago | Jetty vulnerable to cache poisoning due to inconsistent HTTP request handling (HTTP Request Smuggling) |
| CVE-2017-7657 | unknown | — | — | | | | 8y ago | Critical severity vulnerability that affects org.eclipse.jetty:jetty-server |
| CVE-2017-17485 | unknown | — | — | | | | 8y ago | jackson-databind vulnerable to remote code execution due to incorrect deserialization and blocklist bypass |
| CVE-2017-15095 | unknown | — | — | | | | 8y ago | jackson-databind vulnerable to deserialization flaw leading to unauthenticated remote code execution |
| CVE-2017-12161 | unknown | — | — | | | | 8y ago | Moderate severity vulnerability that affects org.keycloak:keycloak-core |
| CVE-2017-2582 | unknown | — | — | | | | 8y ago | keycloak-core discloses system properties |
| CVE-2017-2646 | unknown | — | — | | | | 8y ago | Keycloak vulnerable to infinite loop based Denial of Service |
| CVE-2017-2585 | unknown | — | — | | | | 8y ago | keycloak-core vulnerable to timing attacks against JWS token verification |
| CVE-2017-7525 | unknown | — | — | | | | 8y ago | jackson-databind is vulnerable to a deserialization flaw |
| CVE-2017-16229 | unknown | — | — | | | | 9y ago | In the Ox gem 2.8.1 for Ruby, the process crashes with a stack-based buffer over-read in the read_from_str function in sax_buf.c when a crafted input is supplied to sax_parse. |