CVEs from 2017
Total
11,796
critical
critical 1,647
high
high 5,041
medium
medium 4,168
low
low 159
% Critical
14.0%
% with KEV
0.7%
% with exploit
0.8%
Top vendors
Top products
- imagemagick 1,426
- joomla\! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2017-16545 | high | 8.8 | 8.8 | 9y ago | The ReadWPGImage function in coders/wpg.c in GraphicsMagick 1.3.26 does not properly validate colormapped images, which allows remote attackers to cause a denial of service (ImportIndexQuantumType in… | |
| CVE-2017-16542 | high | 8.8 | 8.8 | 9y ago | Zoho ManageEngine Applications Manager 13 before build 13500 allows Post-authentication SQL injection via the name parameter in a manageApplications.do?method=insert request. | |
| CVE-2017-1000150 | high | 8.8 | 8.8 | 9y ago | Mahara 15.04 before 15.04.7 and 15.10 before 15.10.3 are vulnerable to prevent session IDs from being regenerated on login or logout. This makes users of the site more vulnerable to session fixation … | |
| CVE-2017-1000148 | high | 8.8 | 8.8 | 9y ago | Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to PHP code execution as Mahara would pass portions of the XML through the PHP "unserialize()" function wh… | |
| CVE-2017-16522 | high | 8.8 | 8.8 | 9y ago | MitraStar GPT-2541GNAC (HGU) 1.00(VNJ0)b1 and DSL-100HN-T1 ES_113WJY0b16 devices allow remote authenticated users to obtain root access by specifying /bin/sh as the command to execute. | |
| CVE-2017-11508 | high | 8.8 | 8.8 | 9y ago | SecurityCenter versions 5.5.0, 5.5.1 and 5.5.2 contain a SQL Injection vulnerability that could be exploited by an authenticated user with sufficient privileges to run diagnostic scans. An attacker c… | |
| CVE-2017-12277 | high | 8.8 | 8.8 | 9y ago | A vulnerability in the Smart Licensing Manager service of the Cisco Firepower 4100 Series Next-Generation Firewall (NGFW) and Firepower 9300 Security Appliance could allow an authenticated, remote at… | |
| CVE-2017-12262 | high | 8.8 | 8.8 | 9y ago | A vulnerability within the firewall configuration of the Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) could allow an unauthenticated, adjacent attacker to gain privi… | |
| CVE-2017-1300 | high | 8.8 | 8.8 | 9y ago | IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the w… | |
| CVE-2017-16352 | high | 8.8 | 8.8 | 9y ago | GraphicsMagick 1.3.26 is vulnerable to a heap-based buffer overflow vulnerability found in the "Display visual image directory" feature of the DescribeImage() function of the magick/describe.c file. … | |
| CVE-2017-1000244 | high | 8.8 | 8.8 | 9y ago | Jenkins Favorite Plugin vulnerable to Cross-Site Request Forgery | |
| CVE-2017-16244 | high | 8.8 | 8.8 | 9y ago | October CMS CSRF | |
| CVE-2017-10954 | high | 8.8 | 8.8 | 9y ago | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Bitdefender Internet Security Internet Security 2018 prior to build 7.72918. User interaction is re… | |
| CVE-2017-10953 | high | 8.8 | 8.8 | 9y ago | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.0.14878. User interaction is required to exploit this vulnerability in that the ta… | |
| CVE-2017-10948 | high | 8.8 | 8.8 | 9y ago | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.2.1.6871. User interaction is required to exploit this vulnerability in that the tar… | |
| CVE-2017-10947 | high | 8.8 | 8.8 | 9y ago | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.2.1.6871. User interaction is required to exploit this vulnerability in that the tar… | |
| CVE-2017-10946 | high | 8.8 | 8.8 | 9y ago | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.2.1.6871. User interaction is required to exploit this vulnerability in that the tar… | |
| CVE-2017-10945 | high | 8.8 | 8.8 | 9y ago | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.0.14878. User interaction is required to exploit this vulnerability in that the ta… | |
| CVE-2017-10941 | high | 8.8 | 8.8 | 9y ago | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.0.14878. User interaction is required to exploit this vulnerability in that the ta… | |
| CVE-2017-10940 | high | 8.8 | 8.8 | 9y ago | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Joyent Smart Data Center prior to agentsshar@1.0.0-release-20160901-20160901T051624Z-g3fd5adf (e469… | |
| CVE-2017-14163 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in Mahara before 15.04.14, 16.x before 16.04.8, 16.10.x before 16.10.5, and 17.x before 17.04.3. When one closes the browser without logging out of Mahara, the value in the us… | |
| CVE-2017-9377 | high | 8.8 | 8.8 | 9y ago | A command injection was identified on Barco ClickShare Base Unit devices with CSM-1 firmware before 1.7.0.3 and CSC-1 firmware before 1.10.0.10. An attacker with access to the product's web API can e… | |
| CVE-2017-7411 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in Enalean Tuleap 9.6 and prior versions. The vulnerability exists because the User::getRecentElements() method is using the unserialize() function with a preference value tha… | |
| CVE-2017-15957 | high | 8.8 | 8.8 | 9y ago | my_profile.php in Ingenious School Management System 2.3.0 allows a student or teacher to upload an arbitrary file. | |
| CVE-2017-13090 | high | 8.8 | 8.8 | 9y ago | The retr.c:fd_read_body() function is called when processing OK responses. When the response is sent chunked in wget before 1.19.2, the chunk parser uses strtol() to read each chunk's length, but doe… | |
| CVE-2017-13089 | high | 8.8 | 8.8 | 9y ago | The http.c:skip_short_body() function is called in some circumstances, such as when processing redirects. When the response is sent chunked in wget before 1.19.2, the chunk parser uses strtol() to re… | |
| CVE-2017-15930 | high | 8.8 | 8.8 | 9y ago | In ReadOneJNGImage in coders/png.c in GraphicsMagick 1.3.26, a Null Pointer Dereference occurs while transferring JPEG scanlines, related to a PixelPacket pointer. | |
| CVE-2017-5122 | high | 8.8 | 8.8 | 9y ago | arbitrary code execution in chromium | |
| CVE-2017-5121 | high | 8.8 | 8.8 | 9y ago | arbitrary code execution in chromium | |
| CVE-2017-5116 | high | 8.8 | 8.8 | 9y ago | multiple issues in chromium | |
| CVE-2017-5115 | high | 8.8 | 8.8 | 9y ago | multiple issues in chromium | |
| CVE-2017-5114 | high | 8.8 | 8.8 | 9y ago | multiple issues in chromium | |
| CVE-2017-5113 | high | 8.8 | 8.8 | 9y ago | multiple issues in chromium | |
| CVE-2017-5112 | high | 8.8 | 8.8 | 9y ago | multiple issues in chromium | |
| CVE-2017-5111 | high | 8.8 | 8.8 | 9y ago | multiple issues in chromium | |
| CVE-2017-5108 | high | 8.8 | 8.8 | 9y ago | multiple issues in chromium | |
| CVE-2017-5100 | high | 8.8 | 8.8 | 9y ago | multiple issues in chromium | |
| CVE-2017-5099 | high | 8.8 | 8.8 | 9y ago | multiple issues in chromium | |
| CVE-2017-5098 | high | 8.8 | 8.8 | 9y ago | multiple issues in chromium | |
| CVE-2017-5097 | high | 8.8 | 8.8 | 9y ago | multiple issues in chromium | |
| CVE-2017-5095 | high | 8.8 | 8.8 | 9y ago | multiple issues in chromium | |
| CVE-2017-5092 | high | 8.8 | 8.8 | 9y ago | multiple issues in chromium | |
| CVE-2017-5091 | high | 8.8 | 8.8 | 9y ago | multiple issues in chromium | |
| CVE-2017-5088 | high | 8.8 | 8.8 | 9y ago | multiple issues in chromium | |
| CVE-2017-5087 | high | 8.8 | 8.8 | 9y ago | multiple issues in chromium | |
| CVE-2017-5080 | high | 8.8 | 8.8 | 9y ago | multiple issues in chromium | |
| CVE-2017-5078 | high | 8.8 | 8.8 | 9y ago | multiple issues in chromium | |
| CVE-2017-5077 | high | 8.8 | 8.8 | 9y ago | multiple issues in chromium | |
| CVE-2017-5073 | high | 8.8 | 8.8 | 9y ago | multiple issues in chromium | |
| CVE-2017-5064 | high | 8.8 | 8.8 | 9y ago | multiple issues in chromium | |
| CVE-2017-5063 | high | 8.8 | 8.8 | 9y ago | multiple issues in chromium | |
| CVE-2017-5062 | high | 8.8 | 8.8 | 9y ago | multiple issues in chromium | |
| CVE-2017-5059 | high | 8.8 | 8.8 | 9y ago | multiple issues in chromium | |
| CVE-2017-5058 | high | 8.8 | 8.8 | 9y ago | multiple issues in chromium | |
| CVE-2017-5057 | high | 8.8 | 8.8 | 9y ago | multiple issues in chromium | |
| CVE-2017-5056 | high | 8.8 | 8.8 | 9y ago | arbitrary code execution in chromium | |
| CVE-2017-5055 | high | 8.8 | 8.8 | 9y ago | arbitrary code execution in chromium | |
| CVE-2017-5054 | high | 8.8 | 8.8 | 9y ago | arbitrary code execution in chromium | |
| CVE-2017-5052 | high | 8.8 | 8.8 | 9y ago | arbitrary code execution in chromium | |
| CVE-2017-15879 | high | 8.8 | 8.8 | 9y ago | Keystone is vulnerable to CSV injection | |
| CVE-2017-13772 | high | 8.8 | 8.8 | 9y ago | Multiple stack-based buffer overflows in TP-Link WR940N WiFi routers with hardware version 4 allow remote authenticated users to execute arbitrary code via the (1) ping_addr parameter to PingIframeRp… | |
| CVE-2017-15808 | high | 8.8 | 8.8 | 9y ago | In phpMyFaq before 2.9.9, there is CSRF in admin/ajax.config.php. | |
| CVE-2017-15378 | high | 8.8 | 8.8 | 9y ago | SQL Injection exists in the E-Sic 1.0 password reset parameter (aka the cpfcnpj parameter to the /reset URI). | |
| CVE-2017-7120 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS b… | |
| CVE-2017-7117 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS b… | |
| CVE-2017-7111 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS b… | |
| CVE-2017-7107 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS b… | |
| CVE-2017-7104 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS b… | |
| CVE-2017-7102 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS b… | |
| CVE-2017-7100 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS b… | |
| CVE-2017-7099 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS b… | |
| CVE-2017-7098 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS b… | |
| CVE-2017-7096 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS b… | |
| CVE-2017-7095 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS b… | |
| CVE-2017-7094 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS b… | |
| CVE-2017-7093 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS b… | |
| CVE-2017-7092 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS b… | |
| CVE-2017-7091 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS b… | |
| CVE-2017-7087 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS b… | |
| CVE-2017-7081 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS b… | |
| CVE-2017-15735 | high | 8.8 | 8.8 | 9y ago | In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) for modifying a glossary. | |
| CVE-2017-15734 | high | 8.8 | 8.8 | 9y ago | In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/stat.main.php. | |
| CVE-2017-15733 | high | 8.8 | 8.8 | 9y ago | In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/ajax.attachment.php and admin/att.main.php. | |
| CVE-2017-15732 | high | 8.8 | 8.8 | 9y ago | In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/news.php. | |
| CVE-2017-15731 | high | 8.8 | 8.8 | 9y ago | In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/stat.adminlog.php. | |
| CVE-2017-15730 | high | 8.8 | 8.8 | 9y ago | In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/stat.ratings.php. | |
| CVE-2017-15729 | high | 8.8 | 8.8 | 9y ago | In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) for adding a glossary. | |
| CVE-2017-2133 | high | 8.8 | 8.8 | 9y ago | SQL injection vulnerability in Panasonic KX-HJB1000 Home unit devices with firmware GHX1YG 14.50 or HJB1000_4.47 allows authenticated attackers to execute arbitrary SQL commands via unspecified vecto… | |
| CVE-2017-15645 | high | 8.8 | 8.8 | 9y ago | CSRF exists in Webmin 1.850. By sending a GET request to at/create_job.cgi containing dir=/&cmd= in the URI, an attacker to execute arbitrary commands. | |
| CVE-2017-10955 | high | 8.8 | 8.8 | 9y ago | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of EMC Data Protection Advisor 6.3.0. Authentication is required to exploit this vulnerability. The sp… | |
| CVE-2017-10424 | high | 8.8 | 8.8 | 9y ago | Vulnerability in the MySQL Enterprise Monitor component of Oracle MySQL (subcomponent: Monitoring: Web). Supported versions that are affected are 3.2.8.2223 and earlier, 3.3.4.3247 and earlier and 3.… | |
| CVE-2017-10321 | high | 8.8 | 8.8 | 9y ago | Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2 and 12.2.0.1. Easily exploitable vulnerability allows low privileged a… | |
| CVE-2017-12271 | high | 8.8 | 8.8 | 9y ago | A vulnerability in Cisco SPA300 and SPA500 Series IP Phones could allow an unauthenticated, remote attacker to execute unwanted actions on an affected device. The vulnerability is due to a lack of cr… | |
| CVE-2017-15595 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS users to cause a denial of service (unbounded recursion, stack consumption, and hypervisor crash) or possibly gain privileges via… | |
| CVE-2017-15594 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in Xen through 4.9.x allowing x86 SVM PV guest OS users to cause a denial of service (hypervisor crash) or gain privileges because IDT settings are mishandled during CPU hotpl… | |
| CVE-2017-15592 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in Xen through 4.9.x allowing x86 HVM guest OS users to cause a denial of service (hypervisor crash) or possibly gain privileges because self-linear shadow mappings are mishan… | |
| CVE-2017-15590 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in Xen through 4.9.x allowing x86 guest OS users to cause a denial of service (hypervisor crash) or possibly gain privileges because MSI mapping was mishandled. | |
| CVE-2017-15578 | high | 8.8 | 8.8 | 9y ago | In PHPSUGAR PHP Melody before 2.7.3, SQL Injection exists via the image parameter to admin/edit_category.php. | |
| CVE-2017-15565 | high | 8.8 | 8.8 | 9y ago | In Poppler 0.59.0, a NULL Pointer Dereference exists in the GfxImageColorMap::getGrayLine() function in GfxState.cc via a crafted PDF document. | |
| CVE-2017-14011 | high | 8.8 | 8.8 | 9y ago | A Cross-Site Request Forgery issue was discovered in ProMinent MultiFLEX M10a Controller web interface. The application does not sufficiently verify requests, making it susceptible to cross-site requ… |