CVEs from 2017
Total
11,665
critical
critical 1,647
high
high 5,041
medium
medium 4,168
low
low 159
% Critical
14.1%
% with KEV
0.7%
% with exploit
9.8%
Top vendors
Top products
- imagemagick 1,426
- joomla\! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-12190 | medium | 6.5 | 6.5 | 9y ago | The bio_map_user_iov and bio_unmap_user functions in block/bio.c in the Linux kernel before 4.13.8 do unbalanced refcounting when a SCSI I/O vector has small consecutive buffers belonging to the same… | |||
| CVE-2017-8860 | medium | 6.5 | 6.5 | 9y ago | Information disclosure through directory listing on the Cohu 3960HD allows an attacker to view and download source code, log files, and other sensitive device information via a specially crafted web … | |||
| CVE-2017-16883 | medium | 6.5 | 6.5 | 9y ago | The outputSWF_TEXT_RECORD function in util/outputscript.c in libming <= 0.4.8 is vulnerable to a NULL pointer dereference, which may allow attackers to cause a denial of service via a crafted swf fil… | |||
| CVE-2017-1000221 | medium | 6.5 | 6.5 | 9y ago | Opencast has Incorrect Permission Assignment | |||
| CVE-2017-4938 | medium | 6.5 | 6.5 | 9y ago | VMware Workstation (12.x before 12.5.8) and Fusion (8.x before 8.5.9) contain a guest RPC NULL pointer dereference vulnerability. Successful exploitation of this issue may allow attackers with normal… | |||
| CVE-2017-1000224 | medium | 6.5 | 6.5 | 9y ago | CSRF in YouTube (WordPress plugin) could allow unauthenticated attacker to change any setting within the plugin | |||
| CVE-2017-16867 | medium | 6.5 | 6.5 | 9y ago | Amazon Key through 2017-11-16 mishandles Cloud Cam 802.11 deauthentication frames during the delivery process, which makes it easier for (1) delivery drivers to freeze a camera and re-enter a house f… | |||
| CVE-2017-11872 | medium | 6.5 | 6.5 | 9y ago | Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows an attacker to force the browser to send data that would otherwise be restricted to a destination website of the atta… | |||
| CVE-2017-16239 | medium | 6.5 | 6.5 | 9y ago | In OpenStack Nova through 14.0.9, 15.x through 15.0.7, and 16.x through 16.0.2, by rebuilding an instance, an authenticated user may be able to circumvent the Filter Scheduler bypassing imposed filte… | |||
| CVE-2017-13849 | medium | 5.5 | 6.5 | 9y ago | An issue was discovered in certain Apple products. iOS before 11.1 is affected. tvOS before 11.1 is affected. watchOS before 4.1 is affected. The issue involves the "CoreText" component. It allows re… | |||
| CVE-2017-13790 | medium | 6.5 | 6.5 | 9y ago | An issue was discovered in certain Apple products. Safari before 11.0.1 is affected. The issue involves the "Safari" component. It allows remote attackers to spoof the address bar via a crafted web s… | |||
| CVE-2017-13789 | medium | 6.5 | 6.5 | 9y ago | An issue was discovered in certain Apple products. Safari before 11.0.1 is affected. The issue involves the "Safari" component. It allows remote attackers to spoof the address bar via a crafted web s… | |||
| CVE-2017-15638 | medium | 6.5 | 6.5 | 9y ago | The SuSEfirewall2 package before 3.6.312-2.13.1 in SUSE Linux Enterprise (SLE) Desktop 12 SP2, Server 12 SP2, and Server for Raspberry Pi 12 SP2; before 3.6.312.333-3.10.1 in SLE Desktop 12 SP3 and S… | |||
| CVE-2017-12803 | medium | 6.5 | 6.5 | 9y ago | The Node_ValidatePtr function in corec/corec/node/node.c in mkclean 0.8.9 allows remote attackers to cause a denial of service (assert fault) via a crafted mkv file. | |||
| CVE-2017-12802 | medium | 6.5 | 6.5 | 9y ago | The EBML_IntegerValue function in ebmlnumber.c in libebml2 through 2012-08-26 allows remote attackers to cause a denial of service (assert fault) via a crafted mkv file. | |||
| CVE-2017-12801 | medium | 6.5 | 6.5 | 9y ago | The UpdateDataSize function in ebmlmaster.c in libebml2 through 2012-08-26 allows remote attackers to cause a denial of service (assert fault) via a crafted mkv file. | |||
| CVE-2017-12800 | medium | 6.5 | 6.5 | 9y ago | The EBML_FindNextElement function in ebmlmain.c in libebml2 through 2012-08-26 allows remote attackers to cause a denial of service (Null pointer dereference and application crash) via a crafted mkv … | |||
| CVE-2017-12783 | medium | 6.5 | 6.5 | 9y ago | The ReadDataFloat function in ebmlnumber.c in libebml2 through 2012-08-26 allows remote attackers to cause a denial of service (assert fault) via a crafted mkv file. | |||
| CVE-2017-12782 | medium | 6.5 | 6.5 | 9y ago | The ReadData function in ebmlmaster.c in libebml2 through 2012-08-26 allows remote attackers to cause a denial of service (assert fault) via a crafted mkv file. | |||
| CVE-2017-12781 | medium | 6.5 | 6.5 | 9y ago | The EBML_BufferToID function in ebmlelement.c in libebml2 through 2012-08-26 allows remote attackers to cause a denial of service (Null pointer dereference and application crash) via a crafted mkv fi… | |||
| CVE-2017-12780 | medium | 6.5 | 6.5 | 9y ago | The ReadData function in ebmlstring.c in libebml2 through 2012-08-26 allows remote attackers to cause a denial of service (invalid free and application crash) via a crafted mkv file. | |||
| CVE-2017-12779 | medium | 6.5 | 6.5 | 9y ago | The Node_GetData function in corec/corec/node/node.c in mkvalidator 0.5.1 allows remote attackers to cause a denial of service (Null pointer dereference and application crash) via a crafted mkv file. | |||
| CVE-2017-12096 | medium | 6.5 | 6.5 | 9y ago | An exploitable vulnerability exists in the WiFi management of Circle with Disney. A crafted Access Point with the same name as the legitimate one can be used to make Circle connect to an untrusted ne… | |||
| CVE-2017-12094 | medium | 6.5 | 6.5 | 9y ago | An exploitable vulnerability exists in the WiFi Channel parsing of Circle with Disney running firmware 2.0.1. A specially crafted SSID can cause the device to execute arbitrary sed commands. An attac… | |||
| CVE-2017-16541 | medium | 6.5 | 6.5 | 9y ago | Tor Browser before 7.0.9 on macOS and Linux allows remote attackers to bypass the intended anonymity feature and discover a client IP address via vectors involving a crafted web site that leverages f… | |||
| CVE-2017-1000156 | medium | 6.5 | 6.5 | 9y ago | Mahara 15.04 before 15.04.9 and 15.10 before 15.10.5 and 16.04 before 16.04.3 are vulnerable to a group's configuration page being editable by any group member even when they didn't have the admin ro… | |||
| CVE-2017-1000142 | medium | 6.5 | 6.5 | 9y ago | Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable to users being able to delete their submitted page through URL manipulation. | |||
| CVE-2017-1000136 | medium | 6.5 | 6.5 | 9y ago | Mahara 1.8 before 1.8.6 and 1.9 before 1.9.4 and 1.10 before 1.10.1 and 15.04 before 15.04.0 are vulnerable to old sessions not being invalidated after a password change. | |||
| CVE-2017-1000135 | medium | 6.5 | 6.5 | 9y ago | Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable as logged-in users can stay logged in after the institution they belong to is suspended. | |||
| CVE-2017-1000131 | medium | 6.5 | 6.5 | 9y ago | Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to users staying logged in to their Mahara account even when they have been logged out of Moodle (when usi… | |||
| CVE-2017-3736 | medium | 6.5 | 6.5 | 9y ago | There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC algorithms are affected. Analysis suggests that attacks against RS… | |||
| CVE-2017-12274 | medium | 6.5 | 6.5 | 9y ago | A vulnerability in Extensible Authentication Protocol (EAP) ingress frame processing for the Cisco Aironet 1560, 2800, and 3800 Series Access Points could allow an unauthenticated, Layer 2 radio freq… | |||
| CVE-2017-12273 | medium | 6.5 | 6.5 | 9y ago | A vulnerability in 802.11 association request frame processing for the Cisco Aironet 1560, 2800, and 3800 Series Access Points could allow an unauthenticated, Layer 2 radio frequency (RF) adjacent at… | |||
| CVE-2017-14992 | medium | 6.5 | 6.5 | 9y ago | Lack of content verification in Docker-CE (Also known as Moby) versions 1.12.6-0, 1.10.3, 17.03.0, 17.03.1, 17.03.2, 17.06.0, 17.06.1, 17.06.2, 17.09.0, and earlier allows a remote attacker to cause … | |||
| CVE-2017-10944 | medium | 6.5 | 6.5 | 9y ago | This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.0.14878. User interaction is required to exploit this vulnerability in tha… | |||
| CVE-2017-10943 | medium | 6.5 | 6.5 | 9y ago | This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.0.14878. User interaction is required to exploit this vulnerability in tha… | |||
| CVE-2017-10942 | medium | 6.5 | 6.5 | 9y ago | This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.0.14878. User interaction is required to exploit this vulnerability in tha… | |||
| CVE-2017-15937 | medium | 6.5 | 6.5 | 9y ago | Artica Pandora FMS version 7.0 leaks a full installation pathname via GET data when intercepting the main page's graph requisition. This also implies that general OS information is leaked (e.g., a /v… | |||
| CVE-2017-14182 | medium | 6.5 | 6.5 | 9y ago | A Denial of Service (DoS) vulnerability in Fortinet FortiOS 5.4.0 to 5.4.5 allows an authenticated user to cause the web GUI to be temporarily unresponsive, via passing a specially crafted payload to… | |||
| CVE-2017-5120 | medium | 6.5 | 6.5 | 9y ago | multiple issues in chromium | |||
| CVE-2017-5117 | medium | 6.5 | 6.5 | 9y ago | multiple issues in chromium | |||
| CVE-2017-5110 | medium | 6.5 | 6.5 | 9y ago | multiple issues in chromium | |||
| CVE-2017-5106 | medium | 6.5 | 6.5 | 9y ago | multiple issues in chromium | |||
| CVE-2017-5105 | medium | 6.5 | 6.5 | 9y ago | multiple issues in chromium | |||
| CVE-2017-5104 | medium | 6.5 | 6.5 | 9y ago | multiple issues in chromium | |||
| CVE-2017-5101 | medium | 6.5 | 6.5 | 9y ago | multiple issues in chromium | |||
| CVE-2017-5094 | medium | 6.5 | 6.5 | 9y ago | multiple issues in chromium | |||
| CVE-2017-5093 | medium | 6.5 | 6.5 | 9y ago | multiple issues in chromium | |||
| CVE-2017-5090 | medium | 6.5 | 6.5 | 9y ago | Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 59.0.3071.115 for Mac allowed a remote attacker to perform domain spoofing via a crafted domain name containing a U+0620 character… | |||
| CVE-2017-5089 | medium | 6.5 | 6.5 | 9y ago | multiple issues in chromium | |||
| CVE-2017-5086 | medium | 6.5 | 6.5 | 9y ago | multiple issues in chromium | |||
| CVE-2017-5076 | medium | 6.5 | 6.5 | 9y ago | multiple issues in chromium | |||
| CVE-2017-5072 | medium | 6.5 | 6.5 | 9y ago | multiple issues in chromium | |||
| CVE-2017-5067 | medium | 6.5 | 6.5 | 9y ago | multiple issues in chromium | |||
| CVE-2017-5066 | medium | 6.5 | 6.5 | 9y ago | multiple issues in chromium | |||
| CVE-2017-5060 | medium | 6.5 | 6.5 | 9y ago | multiple issues in chromium | |||
| CVE-2017-1222 | medium | 6.5 | 6.5 | 9y ago | IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) does not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas. IBM… | |||
| CVE-2017-15917 | medium | 6.5 | 6.5 | 9y ago | In Paessler PRTG Network Monitor 17.3.33.2830, it's possible to create a Map as a read-only user, by forging a request and sending it to the server. | |||
| CVE-2017-1212 | medium | 6.5 | 6.5 | 9y ago | IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5.1 and 5.0.2 is vulnerable to a denial of service when viewing or opening a large file. IBM X-Force ID: 123852. | |||
| CVE-2017-15186 | medium | 6.5 | 6.5 | 9y ago | Double free vulnerability in FFmpeg 3.3.4 and earlier allows remote attackers to cause a denial of service via a crafted AVI file. | |||
| CVE-2017-7106 | medium | 6.5 | 6.5 | 9y ago | An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. The issue involves the "WebKit" component. It all… | |||
| CVE-2017-7085 | medium | 6.5 | 6.5 | 9y ago | An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. The issue involves the "Safari" component. It allows remote attackers to spoof the address … | |||
| CVE-2017-10427 | medium | 6.5 | 6.5 | 9y ago | Vulnerability in the Oracle Retail Xstore Point of Service component of Oracle Retail Applications (subcomponent: Point of Sale). Supported versions that are affected are 6.0.11, 6.5.11, 7.0.6, 7.1.6… | |||
| CVE-2017-10421 | medium | 6.5 | 6.5 | 9y ago | Vulnerability in the Oracle Hospitality Suite8 component of Oracle Hospitality Applications (subcomponent: Leisure). Supported versions that are affected are 8.10.1 and 8.10.2. Easily exploitable vul… | |||
| CVE-2017-10384 | medium | 6.5 | 6.5 | 9y ago | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.57 and earlier 5.6.37 and earlier 5.7.19 and earlier. Easily expl… | |||
| CVE-2017-10379 | medium | 6.5 | 6.5 | 9y ago | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.19 and earlier. Ea… | |||
| CVE-2017-10378 | medium | 6.5 | 6.5 | 9y ago | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.11 and earlier. … | |||
| CVE-2017-10344 | medium | 6.5 | 6.5 | 9y ago | Vulnerability in the Oracle Hospitality Simphony component of Oracle Hospitality Applications (subcomponent: Import/Export). Supported versions that are affected are 2.8 and 2.9. Difficult to exploit… | |||
| CVE-2017-10343 | medium | 6.5 | 6.5 | 9y ago | Vulnerability in the Oracle Hospitality Simphony component of Oracle Hospitality Applications (subcomponent: Import/Export). Supported versions that are affected are 2.8 and 2.9. Easily exploitable v… | |||
| CVE-2017-10316 | medium | 6.5 | 6.5 | 9y ago | Vulnerability in the Oracle Hospitality Suite8 component of Oracle Hospitality Applications (subcomponent: WebConnect). Supported versions that are affected are 8.10.1 and 8.10.2. Easily exploitable … | |||
| CVE-2017-10280 | medium | 6.5 | 6.5 | 9y ago | Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Test Framework). Supported versions that are affected are 8.54, 8.55 and 8.56. Easily exp… | |||
| CVE-2017-10276 | medium | 6.5 | 6.5 | 9y ago | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: FTS). Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnera… | |||
| CVE-2017-10261 | medium | 6.5 | 6.5 | 9y ago | Vulnerability in the XML Database component of Oracle Database Server. Supported versions that are affected are 11.2.0.4 and 12.1.0.2. Easily exploitable vulnerability allows low privileged attacker … | |||
| CVE-2017-10167 | medium | 6.5 | 6.5 | 9y ago | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.19 and earlier. Easily exploitable vulnerability allows low… | |||
| CVE-2017-10152 | medium | 6.5 | 6.5 | 9y ago | Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Container). Supported versions that are affected are 10.3.6.0.0 and 12.1.3.0.0. Easily exploitable… | |||
| CVE-2017-10077 | medium | 6.5 | 6.5 | 9y ago | Vulnerability in the Oracle Applications DBA component of Oracle E-Business Suite (subcomponent: AD Utilities). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.… | |||
| CVE-2017-15611 | medium | 6.5 | 6.5 | 9y ago | In Octopus before 3.17.7, an authenticated user who was explicitly granted the permission to invite new users (aka UserInvite) can invite users to teams with escalated privileges. | |||
| CVE-2017-15610 | medium | 6.5 | 6.5 | 9y ago | An issue was discovered in Octopus before 3.17.7. When the special Guest user account is granted the CertificateExportPrivateKey permission, and Guest Access is enabled for the Octopus Server, an att… | |||
| CVE-2017-15593 | medium | 6.5 | 6.5 | 9y ago | An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS users to cause a denial of service (memory leak) because reference counts are mishandled. | |||
| CVE-2017-15591 | medium | 6.5 | 6.5 | 9y ago | An issue was discovered in Xen 4.5.x through 4.9.x allowing attackers (who control a stub domain kernel or tool stack) to cause a denial of service (host OS crash) because of a missing comparison (of… | |||
| CVE-2017-15589 | medium | 6.5 | 6.5 | 9y ago | An issue was discovered in Xen through 4.9.x allowing x86 HVM guest OS users to obtain sensitive information from the host OS (or an arbitrary guest OS) because intercepted I/O operations can cause a… | |||
| CVE-2017-15583 | medium | 6.5 | 6.5 | 9y ago | The embedded web server on ABB Fox515T 1.0 devices is vulnerable to Local File Inclusion. It accepts a parameter that specifies a file for display or for use as a template. The filename is not valida… | |||
| CVE-2017-14009 | medium | 6.5 | 6.5 | 9y ago | An Information Exposure issue was discovered in ProMinent MultiFLEX M10a Controller web interface. When an authenticated user uses the Change Password feature on the application, the current password… | |||
| CVE-2017-11785 | medium | 5.5 | 6.5 | 9y ago | The Microsoft Windows Kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1… | |||
| CVE-2017-15277 | medium | 6.5 | 6.5 | 9y ago | ReadGIFImage in coders/gif.c in ImageMagick 7.0.6-1 and GraphicsMagick 1.3.26 leaves the palette uninitialized when processing a GIF file that has neither a global nor local palette. If the affected … | |||
| CVE-2017-15232 | medium | 6.5 | 6.5 | 9y ago | libjpeg-turbo 1.5.2 has a NULL Pointer Dereference in jdpostct.c and jquant1.c via a crafted JPEG file. | |||
| CVE-2017-1538 | medium | 6.5 | 6.5 | 9y ago | IBM Financial Transaction Manager for ACH Services for Multi-Platform 3.0.2 could allow an authenticated user to obtain sensitive information from an undocumented URL. IBM X-Force ID: 130735. | |||
| CVE-2017-15218 | medium | 6.5 | 6.5 | 9y ago | ImageMagick 7.0.7-2 has a memory leak in ReadOneJNGImage in coders/png.c. | |||
| CVE-2017-15217 | medium | 6.5 | 6.5 | 9y ago | ImageMagick 7.0.7-2 has a memory leak in ReadSGIImage in coders/sgi.c. | |||
| CVE-2017-12623 | medium | 6.5 | 6.5 | 9y ago | XML External Entity Reference in Apache NiFi | |||
| CVE-2017-14614 | medium | 6.5 | 6.5 | 9y ago | Directory traversal vulnerability in the Visor GUI Console in GridGain before 1.7.16, 1.8.x before 1.8.12, 1.9.x before 1.9.7, and 8.x before 8.1.5 allows remote authenticated users to read arbitrary… | |||
| CVE-2017-12268 | medium | 6.5 | 6.5 | 9y ago | A vulnerability in the Network Access Manager (NAM) of Cisco AnyConnect Secure Mobility Client could allow an authenticated, local attacker to enable multiple network adapters, aka a Dual-Homed Inter… | |||
| CVE-2017-12256 | medium | 6.5 | 6.5 | 9y ago | A vulnerability in the Akamai Connect feature of Cisco Wide Area Application Services (WAAS) Appliances could allow an unauthenticated, remote attacker to cause a denial-of-service (DoS) condition on… | |||
| CVE-2017-1000104 | medium | 6.5 | 6.5 | 9y ago | Improper Privilege Management in Jenkins Config File Provider Plugin | |||
| CVE-2017-1000101 | medium | 6.5 | 6.5 | 9y ago | curl supports "globbing" of URLs, in which a user can pass a numerical range to have the tool iterate over those numbers to do a sequence of transfers. In the globbing function that parses the numeri… | |||
| CVE-2017-1000100 | medium | 6.5 | 6.5 | 9y ago | When doing a TFTP transfer and curl/libcurl is given a URL that contains a very long file name (longer than about 515 bytes), the file name is truncated to fit within the buffer boundaries, but the b… | |||
| CVE-2017-1000099 | medium | 6.5 | 6.5 | 9y ago | When asking to get a file from a file:// URL, libcurl provides a feature that outputs meta-data about the file using HTTP-like headers. The code doing this would send the wrong buffer to the user (st… | |||
| CVE-2017-1000095 | medium | 6.5 | 6.5 | 9y ago | Unsafe methods in the default list of approved signatures in Jenkins Script Security Plugin | |||
| CVE-2017-1000094 | medium | 6.5 | 6.5 | 9y ago | Jenkins Docker Commons Plugin allows any user with Overall/Read permission to get list of valid credentials IDs | |||
| CVE-2017-1000085 | medium | 6.5 | 6.5 | 9y ago | Jenkins Subversion Plugin Cross-Site Request Forgery vulnerability |