CVEs from 2017
Total
11,721
critical
critical 1,647
high
high 5,041
medium
medium 4,168
low
low 159
% Critical
14.1%
% with KEV
0.7%
% with exploit
1.8%
Top vendors
Top products
- imagemagick 1,426
- joomla\! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-17604 | critical | 9.8 | 9.8 | 9y ago | Entrepreneur Bus Booking Script 3.0.4 has SQL Injection via the booker_details.php sourcebus parameter. | |||
| CVE-2017-17603 | critical | 9.8 | 9.8 | 9y ago | Advanced Real Estate Script 4.0.7 has SQL Injection via the search-results.php Projectmain, proj_type, searchtext, sell_price, or maxprice parameter. | |||
| CVE-2017-17602 | critical | 9.8 | 9.8 | 9y ago | Advance B2B Script 2.1.3 has SQL Injection via the tradeshow-list-detail.php show_id or view-product.php pid parameter. | |||
| CVE-2017-17601 | critical | 9.8 | 9.8 | 9y ago | Cab Booking Script 1.0 has SQL Injection via the /service-list city parameter. | |||
| CVE-2017-17600 | critical | 9.8 | 9.8 | 9y ago | Basic B2B Script 2.0.8 has SQL Injection via the product_details.php id parameter. | |||
| CVE-2017-17599 | critical | 9.8 | 9.8 | 9y ago | Advance Online Learning Management Script 3.1 has SQL Injection via the courselist.php subcatid or popcourseid parameter. | |||
| CVE-2017-17598 | critical | 9.8 | 9.8 | 9y ago | Affiliate MLM Script 1.0 has SQL Injection via the product-category.php key parameter. | |||
| CVE-2017-17597 | critical | 9.8 | 9.8 | 9y ago | Nearbuy Clone Script 3.2 has SQL Injection via the category_list.php search parameter. | |||
| CVE-2017-17596 | critical | 9.8 | 9.8 | 9y ago | Entrepreneur Job Portal Script 2.0.6 has SQL Injection via the jobsearch_all.php rid1 parameter. | |||
| CVE-2017-17595 | critical | 9.8 | 9.8 | 9y ago | Beauty Parlour Booking Script 1.0 has SQL Injection via the /list gender or city parameter. | |||
| CVE-2017-17594 | critical | 9.8 | 9.8 | 9y ago | DomainSale PHP Script 1.0 has SQL Injection via the domain.php id parameter. | |||
| CVE-2017-17592 | critical | 9.8 | 9.8 | 9y ago | Website Auction Marketplace 2.0.5 has SQL Injection via the search.php cat_id parameter. | |||
| CVE-2017-17591 | critical | 9.8 | 9.8 | 9y ago | Realestate Crowdfunding Script 2.7.2 has SQL Injection via the single-cause.php pid parameter. | |||
| CVE-2017-17590 | critical | 9.8 | 9.8 | 9y ago | FS Stackoverflow Clone 1.0 has SQL Injection via the /question keywords parameter. | |||
| CVE-2017-17589 | critical | 9.8 | 9.8 | 9y ago | FS Thumbtack Clone 1.0 has SQL Injection via the browse-category.php cat parameter or the browse-scategory.php sc parameter. | |||
| CVE-2017-17588 | critical | 9.8 | 9.8 | 9y ago | FS IMDB Clone 1.0 has SQL Injection via the movie.php f parameter, tvshow.php s parameter, or show_misc_video.php id parameter. | |||
| CVE-2017-17587 | critical | 9.8 | 9.8 | 9y ago | FS Indiamart Clone 1.0 has SQL Injection via the catcompany.php token parameter, buyleads-details.php id parameter, or company/index.php c parameter. | |||
| CVE-2017-17586 | critical | 9.8 | 9.8 | 9y ago | FS Olx Clone 1.0 has SQL Injection via the subpage.php scat parameter or the message.php pid parameter. | |||
| CVE-2017-17585 | critical | 9.8 | 9.8 | 9y ago | FS Monster Clone 1.0 has SQL Injection via the Employer_Details.php id parameter. | |||
| CVE-2017-17584 | critical | 9.8 | 9.8 | 9y ago | FS Makemytrip Clone 1.0 has SQL Injection via the show-flight-result.php fl_orig or fl_dest parameter. | |||
| CVE-2017-17583 | critical | 9.8 | 9.8 | 9y ago | FS Shutterstock Clone 1.0 has SQL Injection via the /Category keywords parameter. | |||
| CVE-2017-17582 | critical | 9.8 | 9.8 | 9y ago | FS Grubhub Clone 1.0 has SQL Injection via the /food keywords parameter. | |||
| CVE-2017-17581 | critical | 9.8 | 9.8 | 9y ago | FS Quibids Clone 1.0 has SQL Injection via the itechd.php productid parameter. | |||
| CVE-2017-17580 | critical | 9.8 | 9.8 | 9y ago | FS Linkedin Clone 1.0 has SQL Injection via the group.php grid parameter, profile.php fid parameter, or company_details.php id parameter. | |||
| CVE-2017-17579 | critical | 9.8 | 9.8 | 9y ago | FS Freelancer Clone 1.0 has SQL Injection via the profile.php u parameter. | |||
| CVE-2017-17578 | critical | 9.8 | 9.8 | 9y ago | FS Crowdfunding Script 1.0 has SQL Injection via the latest_news_details.php id parameter. | |||
| CVE-2017-17577 | critical | 9.8 | 9.8 | 9y ago | FS Trademe Clone 1.0 has SQL Injection via the search_item.php search parameter or the general_item_details.php id parameter. | |||
| CVE-2017-17576 | critical | 9.8 | 9.8 | 9y ago | FS Gigs Script 1.0 has SQL Injection via the browse-category.php cat parameter, browse-scategory.php sc parameter, or service-provider.php ser parameter. | |||
| CVE-2017-17575 | critical | 9.8 | 9.8 | 9y ago | FS Groupon Clone 1.0 has SQL Injection via the item_details.php id parameter or the vendor_details.php id parameter. | |||
| CVE-2017-17574 | critical | 9.8 | 9.8 | 9y ago | FS Care Clone 1.0 has SQL Injection via the searchJob.php jobType or jobFrequency parameter. | |||
| CVE-2017-17573 | critical | 9.8 | 9.8 | 9y ago | FS Ebay Clone 1.0 has SQL Injection via the product.php id parameter, or the search.php category_id or sub_category_id parameter. | |||
| CVE-2017-17572 | critical | 9.8 | 9.8 | 9y ago | FS Amazon Clone 1.0 has SQL Injection via the PATH_INFO to /VerAyari. | |||
| CVE-2017-17571 | critical | 9.8 | 9.8 | 9y ago | FS Foodpanda Clone 1.0 has SQL Injection via the /food keywords parameter. | |||
| CVE-2017-17570 | critical | 9.8 | 9.8 | 9y ago | FS Expedia Clone 1.0 has SQL Injection via the pages.php or content.php id parameter, or the show-flight-result.php fl_orig or fl_dest parameter. | |||
| CVE-2017-11899 | critical | 9.8 | 9.8 | 9y ago | Device Guard in Windows 10 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows a security feature bypass vulnerability due to the way untrusted files are handled, a… | |||
| CVE-2017-16684 | critical | 9.8 | 9.8 | 9y ago | SAP Business Intelligence Promotion Management Application, Enterprise 4.10, 4.20, and 4.30, does not perform authentication checks for functionalities that require user identity. | |||
| CVE-2017-17111 | critical | 9.8 | 9.8 | 9y ago | Posty Readymade Classifieds Script 1.0 allows an attacker to inject SQL commands via a listings.php?catid= or ads-details.php?ID= request. | |||
| CVE-2017-17110 | critical | 9.8 | 9.8 | 9y ago | Techno Portfolio Management Panel 1.0 allows an attacker to inject SQL commands via a single.php?id= request. | |||
| CVE-2017-15940 | critical | 9.8 | 9.8 | 9y ago | The web interface packet capture management component in Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.14, and 8.0.x before 8.0.6 allows remote authenticated users to… | |||
| CVE-2017-15708 | critical | 9.8 | 9.8 | 9y ago | Remote Code Execution in Apache Synapse | |||
| CVE-2017-17499 | critical | 9.8 | 9.8 | 9y ago | ImageMagick before 6.9.9-24 and 7.x before 7.0.7-12 has a use-after-free in Magick::Image::read in Magick++/lib/Image.cpp. | |||
| CVE-2017-17484 | critical | 9.8 | 9.8 | 9y ago | The ucnv_UTF8FromUTF8 function in ucnv_u8.cpp in International Components for Unicode (ICU) for C/C++ through 60.1 mishandles ucnv_convertEx calls for UTF-8 to UTF-8 conversion, which allows remote a… | |||
| CVE-2017-3114 | critical | 9.8 | 9.8 | 9y ago | An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the co… | |||
| CVE-2017-3112 | critical | 9.8 | 9.8 | 9y ago | An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the co… | |||
| CVE-2017-16398 | critical | 9.8 | 9.8 | 9y ago | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. T… | |||
| CVE-2017-11304 | critical | 9.8 | 9.8 | 9y ago | An issue was discovered in Adobe Photoshop 18.1.1 (2017.1.1) and earlier versions. An exploitable use-after-free vulnerability exists. Successful exploitation could lead to arbitrary code execution. | |||
| CVE-2017-11303 | critical | 9.8 | 9.8 | 9y ago | An issue was discovered in Adobe Photoshop 18.1.1 (2017.1.1) and earlier versions. An exploitable memory corruption vulnerability exists. Successful exploitation could lead to arbitrary code executio… | |||
| CVE-2017-11302 | critical | 9.8 | 9.8 | 9y ago | An issue was discovered in Adobe InDesign 12.1.0 and earlier versions. An exploitable memory corruption vulnerability exists. Successful exploitation could lead to arbitrary code execution. | |||
| CVE-2017-11295 | critical | 9.8 | 9.8 | 9y ago | An issue was discovered in Adobe DNG Converter 9.12.1 and earlier versions. An exploitable memory corruption vulnerability exists. Successful exploitation could lead to arbitrary code execution. | |||
| CVE-2017-11294 | critical | 9.8 | 9.8 | 9y ago | An issue was discovered in Adobe Shockwave 12.2.9.199 and earlier. An exploitable memory corruption vulnerability exists. Successful exploitation could lead to arbitrary code execution. | |||
| CVE-2017-11293 | critical | 9.8 | 9.8 | 9y ago | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. A… | |||
| CVE-2017-11225 | critical | 9.8 | 9.8 | 9y ago | An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the Primetime SDK metadata functionality. The mis… | |||
| CVE-2017-11215 | critical | 9.8 | 9.8 | 9y ago | An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the Primetime SDK. The mismatch between an old an… | |||
| CVE-2017-11213 | critical | 9.8 | 9.8 | 9y ago | An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer due to … | |||
| CVE-2017-17480 | critical | 9.8 | 9.8 | 9y ago | In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered in the pgxtovolume function in jp3d/convert.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of serv… | |||
| CVE-2017-17479 | critical | 9.8 | 9.8 | 9y ago | In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered in the pgxtoimage function in jpwl/convert.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of servi… | |||
| CVE-2017-17465 | critical | 9.8 | 9.8 | 9y ago | K7Sentry.sys 15.1.0.59 in K7 Antivirus 15.1.0309 has a NULL pointer dereference via a 0x95002574 DeviceIoControl request. | |||
| CVE-2017-17464 | critical | 9.8 | 9.8 | 9y ago | K7Sentry.sys 15.1.0.59 in K7 Antivirus 15.1.0309 has a NULL pointer dereference via a 0x95002570 DeviceIoControl request. | |||
| CVE-2017-17430 | critical | 9.8 | 9.8 | 9y ago | Sangoma NetBorder / Vega Session Controller before 2.3.12-80-GA allows remote attackers to execute arbitrary commands via the web interface. | |||
| CVE-2017-13160 | critical | 9.8 | 9.8 | 9y ago | A remote code execution vulnerability in the Android system (bluetooth). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-37160362. | |||
| CVE-2017-17434 | critical | 9.8 | 9.8 | 9y ago | The daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, does not check for fnamecmp filenames in the daemon_filter_list data structure (in the recv_files function in receiver.c) and also … | |||
| CVE-2017-14374 | critical | 9.8 | 9.8 | 9y ago | The SMI-S service in Dell Storage Manager versions earlier than 16.3.20 (aka 2016 R3.20) is protected using a hard-coded password. A remote user with the knowledge of the password might potentially d… | |||
| CVE-2017-6211 | critical | 9.8 | 9.8 | 9y ago | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the processing of a downlink supplementary services message, a buffer overflow can o… | |||
| CVE-2017-14918 | critical | 9.8 | 9.8 | 9y ago | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the GPS location wireless interface, a Use After Free condition can occur. | |||
| CVE-2017-14917 | critical | 9.8 | 9.8 | 9y ago | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, buffer sizes in the message passing interface are not properly validated. | |||
| CVE-2017-14916 | critical | 9.8 | 9.8 | 9y ago | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, buffer sizes in the message passing interface are not properly validated. | |||
| CVE-2017-14914 | critical | 9.8 | 9.8 | 9y ago | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, handles in the global client structure can become stale. | |||
| CVE-2017-14909 | critical | 9.8 | 9.8 | 9y ago | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a count value that is read from a file is not properly validated. | |||
| CVE-2017-14908 | critical | 9.8 | 9.8 | 9y ago | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, the SafeSwitch test application does not properly validate the number of blocks to veri… | |||
| CVE-2017-11006 | critical | 9.8 | 9.8 | 9y ago | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a Use After Free condition can occur during positioning. | |||
| CVE-2017-11005 | critical | 9.8 | 9.8 | 9y ago | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a Use After Free condition can occur during a deinitialization path. | |||
| CVE-2017-9709 | critical | 9.8 | 9.8 | 9y ago | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a privilege escalation vulnerability exists in telephony. | |||
| CVE-2017-15813 | critical | 9.8 | 9.8 | 9y ago | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a buffer overflow can occur while reading firmware logs. | |||
| CVE-2017-14907 | critical | 9.8 | 9.8 | 9y ago | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, cryptographic strength is reduced while deriving disk encryption key. | |||
| CVE-2017-16930 | critical | 9.8 | 9.8 | 9y ago | The remote management interface on the Claymore Dual GPU miner 10.1 allows an unauthenticated remote attacker to execute arbitrary code due to a stack-based buffer overflow in the request handler. Th… | |||
| CVE-2017-13664 | critical | 9.8 | 9.8 | 9y ago | Password file exposure in firmware in iSmartAlarm CubeOne version 2.2.4.8 and earlier allows attackers to execute arbitrary commands with administrative privileges by retrieving credentials from this… | |||
| CVE-2017-15702 | critical | 9.8 | 9.8 | 9y ago | Apache Qpid Broker vulnerable to authentication port spoofing | |||
| CVE-2017-10903 | critical | 9.8 | 9.8 | 9y ago | Improper authentication issue in PTW-WMS1 firmware version 2.000.012 allows remote attackers to log in to the device with root privileges and conduct arbitrary operations via unspecified vectors. | |||
| CVE-2017-10902 | critical | 9.8 | 9.8 | 9y ago | PTW-WMS1 firmware version 2.000.012 allows remote attackers to execute arbitrary OS commands via unspecified vectors. | |||
| CVE-2017-10900 | critical | 9.8 | 9.8 | 9y ago | PTW-WMS1 firmware version 2.000.012 allows remote attackers to bypass access restrictions to obtain or delete data on the disk via unspecified vectors. | |||
| CVE-2017-10899 | critical | 9.8 | 9.8 | 9y ago | SQL injection vulnerability in the A-Reserve and A-Reserve for MT cloud versions 3.8.6 and earlier allows an attacker to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2017-10898 | critical | 9.8 | 9.8 | 9y ago | SQL injection vulnerability in the A-Member and A-Member for MT cloud versions 3.8.6 and earlier allows an attacker to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2017-17086 | critical | 9.8 | 9.8 | 9y ago | Indeo Otter through 1.7.4 mishandles a "</script>" substring in an initial DP payload, which allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact, as… | |||
| CVE-2017-15607 | critical | 9.8 | 9.8 | 9y ago | Inedo Otter before 1.7.4 has directory traversal in filesystem-based rafts via vectors involving '/' characters or initial '.' characters, aka OT-181. | |||
| CVE-2017-11284 | critical | 9.8 | 9.8 | 9y ago | Adobe ColdFusion has an Untrusted Data Deserialization vulnerability. This affects Update 4 and earlier versions for ColdFusion 2016, and Update 12 and earlier versions for ColdFusion 11. | |||
| CVE-2017-11283 | critical | 9.8 | 9.8 | 9y ago | Adobe ColdFusion has an Untrusted Data Deserialization vulnerability. This affects Update 4 and earlier versions for ColdFusion 2016, and Update 12 and earlier versions for ColdFusion 11. | |||
| CVE-2017-11282 | critical | 9.8 | 9.8 | 9y ago | Adobe Flash Player has an exploitable memory corruption vulnerability in the MP4 atom parser. Successful exploitation could lead to arbitrary code execution. This affects 26.0.0.151 and earlier. | |||
| CVE-2017-11281 | critical | 9.8 | 9.8 | 9y ago | Adobe Flash Player has an exploitable memory corruption vulnerability in the text handling function. Successful exploitation could lead to arbitrary code execution. This affects 26.0.0.151 and earlie… | |||
| CVE-2017-17067 | critical | 9.8 | 9.8 | 9y ago | Splunk Web in Splunk Enterprise 7.0.x before 7.0.0.1, 6.6.x before 6.6.3.2, 6.5.x before 6.5.6, 6.4.x before 6.4.9, and 6.3.x before 6.3.12, when the SAML authType is enabled, mishandles SAML, which … | |||
| CVE-2017-14189 | critical | 9.8 | 9.8 | 9y ago | An improper access control vulnerability in Fortinet FortiWebManager 5.8.0 allows anyone that can access the admin webUI to successfully log-in regardless the provided password. | |||
| CVE-2017-8818 | critical | 9.8 | 9.8 | 9y ago | curl and libcurl before 7.57.0 on 32-bit platforms allow attackers to cause a denial of service (out-of-bounds access and application crash) or possibly have unspecified other impact because too litt… | |||
| CVE-2017-8817 | critical | 9.8 | 9.8 | 9y ago | The FTP wildcard function in curl and libcurl before 7.57.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact v… | |||
| CVE-2017-8816 | critical | 9.8 | 9.8 | 9y ago | The NTLM authentication feature in curl and libcurl before 7.57.0 on 32-bit platforms allows attackers to cause a denial of service (integer overflow and resultant buffer overflow, and application cr… | |||
| CVE-2017-14377 | critical | 9.8 | 9.8 | 9y ago | EMC RSA Authentication Agent for Web: Apache Web Server version 8.0 and RSA Authentication Agent for Web: Apache Web Server version 8.0.1 prior to Build 618 have a security vulnerability that could p… | |||
| CVE-2017-9315 | critical | 9.8 | 9.8 | 9y ago | Customer of Dahua IP camera or IP PTZ could submit relevant device information to receive a time limited temporary password from Dahua authorized dealer to reset the admin password. The algorithm use… | |||
| CVE-2017-8020 | critical | 9.8 | 9.8 | 9y ago | An issue was discovered in EMC ScaleIO 2.0.1.x. A buffer overflow vulnerability in the SDBG service may potentially allow a remote unauthenticated attacker to execute arbitrary commands with root pri… | |||
| CVE-2017-14746 | critical | 9.8 | 9.8 | 9y ago | Use-after-free vulnerability in Samba 4.x before 4.7.3 allows remote attackers to execute arbitrary code via a crafted SMB1 request. | |||
| CVE-2017-14586 | critical | 9.8 | 9.8 | 9y ago | The Hipchat for Mac desktop client is vulnerable to client-side remote code execution via video call link parsing. Hipchat for Mac desktop clients at or above version 4.0 and before version 4.30 are … | |||
| CVE-2017-1001003 | critical | 9.8 | 9.8 | 9y ago | Arbitrary Code Execution in mathjs | |||
| CVE-2017-1001002 | critical | 9.8 | 9.8 | 9y ago | Arbitrary Code Execution in mathjs |