CVEs from 2017

Total: 11,681
- critical: 1,647
- high: 5,041
- medium: 4,168
- low: 159

% Critical: 14.1%
% with KEV: 0.7%
% with exploit: 9.8%
Top vendors
Top products
- imagemagick 1,426
- joomla! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-1000150 | high | 8.8 | 8.8 | | | | 9y ago | Mahara 15.04 before 15.04.7 and 15.10 before 15.10.3 are vulnerable to prevent session IDs from being regenerated on login or logout. This makes users of the site more vulnerable to session fixation … |
| CVE-2017-1000148 | high | 8.8 | 8.8 | | | | 9y ago | Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to PHP code execution as Mahara would pass portions of the XML through the PHP "unserialize()" function wh… |
| CVE-2017-16522 | high | 8.8 | 8.8 | | | | 9y ago | MitraStar GPT-2541GNAC (HGU) 1.00(VNJ0)b1 and DSL-100HN-T1 ES_113WJY0b16 devices allow remote authenticated users to obtain root access by specifying /bin/sh as the command to execute. |
| CVE-2017-16513 | high | 7.8 | 8.8 | | | | 9y ago | Ipswitch WS_FTP Professional before 12.6.0.3 has buffer overflows in the local search field and the backup locations field, aka WSCLT-1729. |
| CVE-2017-16237 | high | 7.8 | 8.8 | | | | 9y ago | In Vir.IT eXplorer Anti-Virus before 8.5.42, the driver file (VIAGLT64.SYS) contains an Arbitrary Write vulnerability because of not validating input values from IOCtl 0x8273007C. |
| CVE-2017-11508 | high | 8.8 | 8.8 | | | | 9y ago | SecurityCenter versions 5.5.0, 5.5.1 and 5.5.2 contain a SQL Injection vulnerability that could be exploited by an authenticated user with sufficient privileges to run diagnostic scans. An attacker c… |
| CVE-2017-12277 | high | 8.8 | 8.8 | | | | 9y ago | A vulnerability in the Smart Licensing Manager service of the Cisco Firepower 4100 Series Next-Generation Firewall (NGFW) and Firepower 9300 Security Appliance could allow an authenticated, remote at… |
| CVE-2017-12262 | high | 8.8 | 8.8 | | | | 9y ago | A vulnerability within the firewall configuration of the Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) could allow an unauthenticated, adjacent attacker to gain privi… |
| CVE-2017-12243 | high | 7.8 | 8.8 | | | | 9y ago | A vulnerability in the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authentica… |
| CVE-2017-1300 | high | 8.8 | 8.8 | | | | 9y ago | IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the w… |
| CVE-2017-15918 | high | 7.8 | 8.8 | | | | 9y ago | Sera 1.2 stores the user's login password in plain text in their home directory. This makes privilege escalation trivial and also exposes the user and system keychains to local attacks. |
| CVE-2017-1000244 | high | 8.8 | 8.8 | | | | 9y ago | Jenkins Favorite Plugin vulnerable to Cross-Site Request Forgery |
| CVE-2017-10954 | high | 8.8 | 8.8 | | | | 9y ago | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Bitdefender Internet Security Internet Security 2018 prior to build 7.72918. User interaction is re… |
| CVE-2017-10953 | high | 8.8 | 8.8 | | | | 9y ago | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.0.14878. User interaction is required to exploit this vulnerability in that the ta… |
| CVE-2017-10948 | high | 8.8 | 8.8 | | | | 9y ago | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.2.1.6871. User interaction is required to exploit this vulnerability in that the tar… |
| CVE-2017-10947 | high | 8.8 | 8.8 | | | | 9y ago | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.2.1.6871. User interaction is required to exploit this vulnerability in that the tar… |
| CVE-2017-10946 | high | 8.8 | 8.8 | | | | 9y ago | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.2.1.6871. User interaction is required to exploit this vulnerability in that the tar… |
| CVE-2017-10945 | high | 8.8 | 8.8 | | | | 9y ago | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.0.14878. User interaction is required to exploit this vulnerability in that the ta… |
| CVE-2017-10941 | high | 8.8 | 8.8 | | | | 9y ago | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.0.14878. User interaction is required to exploit this vulnerability in that the ta… |
| CVE-2017-10940 | high | 8.8 | 8.8 | | | | 9y ago | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Joyent Smart Data Center prior to agentsshar@1.0.0-release-20160901-20160901T051624Z-g3fd5adf (e469… |
| CVE-2017-14163 | high | 8.8 | 8.8 | | | | 9y ago | An issue was discovered in Mahara before 15.04.14, 16.x before 16.04.8, 16.10.x before 16.10.5, and 17.x before 17.04.3. When one closes the browser without logging out of Mahara, the value in the us… |
| CVE-2017-15950 | high | 7.8 | 8.8 | | | | 9y ago | Flexense SyncBreeze Enterprise version 10.1.16 is vulnerable to a buffer overflow that can be exploited for arbitrary code execution. The flaw is triggered by providing a long input into the "Destina… |
| CVE-2017-9377 | high | 8.8 | 8.8 | | | | 9y ago | A command injection was identified on Barco ClickShare Base Unit devices with CSM-1 firmware before 1.7.0.3 and CSC-1 firmware before 1.10.0.10. An attacker with access to the product's web API can e… |
| CVE-2017-13090 | high | 8.8 | 8.8 | | | | 9y ago | The retr.c:fd_read_body() function is called when processing OK responses. When the response is sent chunked in wget before 1.19.2, the chunk parser uses strtol() to read each chunk's length, but doe… |
| CVE-2017-13089 | high | 8.8 | 8.8 | | | | 9y ago | The http.c:skip_short_body() function is called in some circumstances, such as when processing redirects. When the response is sent chunked in wget before 1.19.2, the chunk parser uses strtol() to re… |
| CVE-2017-15930 | high | 8.8 | 8.8 | | | | 9y ago | In ReadOneJNGImage in coders/png.c in GraphicsMagick 1.3.26, a Null Pointer Dereference occurs while transferring JPEG scanlines, related to a PixelPacket pointer. |
| CVE-2017-5122 | high | 8.8 | 8.8 | | | | 9y ago | arbitrary code execution in chromium |
| CVE-2017-5121 | high | 8.8 | 8.8 | | | | 9y ago | arbitrary code execution in chromium |
| CVE-2017-5116 | high | 8.8 | 8.8 | | | | 9y ago | multiple issues in chromium |
| CVE-2017-5115 | high | 8.8 | 8.8 | | | | 9y ago | multiple issues in chromium |
| CVE-2017-5114 | high | 8.8 | 8.8 | | | | 9y ago | multiple issues in chromium |
| CVE-2017-5113 | high | 8.8 | 8.8 | | | | 9y ago | multiple issues in chromium |
| CVE-2017-5112 | high | 8.8 | 8.8 | | | | 9y ago | multiple issues in chromium |
| CVE-2017-5111 | high | 8.8 | 8.8 | | | | 9y ago | multiple issues in chromium |
| CVE-2017-5108 | high | 8.8 | 8.8 | | | | 9y ago | multiple issues in chromium |
| CVE-2017-5100 | high | 8.8 | 8.8 | | | | 9y ago | multiple issues in chromium |
| CVE-2017-5099 | high | 8.8 | 8.8 | | | | 9y ago | multiple issues in chromium |
| CVE-2017-5098 | high | 8.8 | 8.8 | | | | 9y ago | multiple issues in chromium |
| CVE-2017-5097 | high | 8.8 | 8.8 | | | | 9y ago | multiple issues in chromium |
| CVE-2017-5095 | high | 8.8 | 8.8 | | | | 9y ago | multiple issues in chromium |
| CVE-2017-5092 | high | 8.8 | 8.8 | | | | 9y ago | multiple issues in chromium |
| CVE-2017-5091 | high | 8.8 | 8.8 | | | | 9y ago | multiple issues in chromium |
| CVE-2017-5088 | high | 8.8 | 8.8 | | | | 9y ago | multiple issues in chromium |
| CVE-2017-5087 | high | 8.8 | 8.8 | | | | 9y ago | multiple issues in chromium |
| CVE-2017-5080 | high | 8.8 | 8.8 | | | | 9y ago | multiple issues in chromium |
| CVE-2017-5078 | high | 8.8 | 8.8 | | | | 9y ago | multiple issues in chromium |
| CVE-2017-5077 | high | 8.8 | 8.8 | | | | 9y ago | multiple issues in chromium |
| CVE-2017-5073 | high | 8.8 | 8.8 | | | | 9y ago | multiple issues in chromium |
| CVE-2017-5064 | high | 8.8 | 8.8 | | | | 9y ago | multiple issues in chromium |
| CVE-2017-5063 | high | 8.8 | 8.8 | | | | 9y ago | multiple issues in chromium |
| CVE-2017-5062 | high | 8.8 | 8.8 | | | | 9y ago | multiple issues in chromium |
| CVE-2017-5059 | high | 8.8 | 8.8 | | | | 9y ago | multiple issues in chromium |
| CVE-2017-5058 | high | 8.8 | 8.8 | | | | 9y ago | multiple issues in chromium |
| CVE-2017-5057 | high | 8.8 | 8.8 | | | | 9y ago | multiple issues in chromium |
| CVE-2017-5056 | high | 8.8 | 8.8 | | | | 9y ago | arbitrary code execution in chromium |
| CVE-2017-5055 | high | 8.8 | 8.8 | | | | 9y ago | arbitrary code execution in chromium |
| CVE-2017-5054 | high | 8.8 | 8.8 | | | | 9y ago | arbitrary code execution in chromium |
| CVE-2017-5052 | high | 8.8 | 8.8 | | | | 9y ago | arbitrary code execution in chromium |
| CVE-2017-15378 | high | 8.8 | 8.8 | | | | 9y ago | SQL Injection exists in the E-Sic 1.0 password reset parameter (aka the cpfcnpj parameter to the /reset URI). |
| CVE-2017-7120 | high | 8.8 | 8.8 | | | | 9y ago | An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS b… |
| CVE-2017-7111 | high | 8.8 | 8.8 | | | | 9y ago | An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS b… |
| CVE-2017-7107 | high | 8.8 | 8.8 | | | | 9y ago | An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS b… |
| CVE-2017-7104 | high | 8.8 | 8.8 | | | | 9y ago | An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS b… |
| CVE-2017-7102 | high | 8.8 | 8.8 | | | | 9y ago | An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS b… |
| CVE-2017-7100 | high | 8.8 | 8.8 | | | | 9y ago | An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS b… |
| CVE-2017-7099 | high | 8.8 | 8.8 | | | | 9y ago | An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS b… |
| CVE-2017-7098 | high | 8.8 | 8.8 | | | | 9y ago | An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS b… |
| CVE-2017-7096 | high | 8.8 | 8.8 | | | | 9y ago | An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS b… |
| CVE-2017-7095 | high | 8.8 | 8.8 | | | | 9y ago | An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS b… |
| CVE-2017-7094 | high | 8.8 | 8.8 | | | | 9y ago | An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS b… |
| CVE-2017-7093 | high | 8.8 | 8.8 | | | | 9y ago | An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS b… |
| CVE-2017-7092 | high | 8.8 | 8.8 | | | | 9y ago | An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS b… |
| CVE-2017-7091 | high | 8.8 | 8.8 | | | | 9y ago | An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS b… |
| CVE-2017-7087 | high | 8.8 | 8.8 | | | | 9y ago | An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS b… |
| CVE-2017-7081 | high | 8.8 | 8.8 | | | | 9y ago | An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS b… |
| CVE-2017-15733 | high | 8.8 | 8.8 | | | | 9y ago | In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/ajax.attachment.php and admin/att.main.php. |
| CVE-2017-15732 | high | 8.8 | 8.8 | | | | 9y ago | In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/news.php. |
| CVE-2017-15731 | high | 8.8 | 8.8 | | | | 9y ago | In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/stat.adminlog.php. |
| CVE-2017-15729 | high | 8.8 | 8.8 | | | | 9y ago | In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) for adding a glossary. |
| CVE-2017-2133 | high | 8.8 | 8.8 | | | | 9y ago | SQL injection vulnerability in Panasonic KX-HJB1000 Home unit devices with firmware GHX1YG 14.50 or HJB1000_4.47 allows authenticated attackers to execute arbitrary SQL commands via unspecified vecto… |
| CVE-2017-15649 | high | 7.8 | 8.8 | | | | 9y ago | net/packet/af_packet.c in the Linux kernel before 4.13.6 allows local users to gain privileges via crafted system calls that trigger mishandling of packet_fanout data structures, because of a race co… |
| CVE-2017-10955 | high | 8.8 | 8.8 | | | | 9y ago | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of EMC Data Protection Advisor 6.3.0. Authentication is required to exploit this vulnerability. The sp… |
| CVE-2017-10424 | high | 8.8 | 8.8 | | | | 9y ago | Vulnerability in the MySQL Enterprise Monitor component of Oracle MySQL (subcomponent: Monitoring: Web). Supported versions that are affected are 3.2.8.2223 and earlier, 3.3.4.3247 and earlier and 3.… |
| CVE-2017-10321 | high | 8.8 | 8.8 | | | | 9y ago | Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2 and 12.2.0.1. Easily exploitable vulnerability allows low privileged a… |
| CVE-2017-12579 | high | 7.8 | 8.8 | | | | 9y ago | An insecure suid wrapper binary in the HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 4.0.24 and earlier allows a non-root user to obtain a root shell. |
| CVE-2017-12271 | high | 8.8 | 8.8 | | | | 9y ago | A vulnerability in Cisco SPA300 and SPA500 Series IP Phones could allow an unauthenticated, remote attacker to execute unwanted actions on an affected device. The vulnerability is due to a lack of cr… |
| CVE-2017-15594 | high | 8.8 | 8.8 | | | | 9y ago | An issue was discovered in Xen through 4.9.x allowing x86 SVM PV guest OS users to cause a denial of service (hypervisor crash) or gain privileges because IDT settings are mishandled during CPU hotpl… |
| CVE-2017-15592 | high | 8.8 | 8.8 | | | | 9y ago | An issue was discovered in Xen through 4.9.x allowing x86 HVM guest OS users to cause a denial of service (hypervisor crash) or possibly gain privileges because self-linear shadow mappings are mishan… |
| CVE-2017-15590 | high | 8.8 | 8.8 | | | | 9y ago | An issue was discovered in Xen through 4.9.x allowing x86 guest OS users to cause a denial of service (hypervisor crash) or possibly gain privileges because MSI mapping was mishandled. |
| CVE-2017-15565 | high | 8.8 | 8.8 | | | | 9y ago | In Poppler 0.59.0, a NULL Pointer Dereference exists in the GfxImageColorMap::getGrayLine() function in GfxState.cc via a crafted PDF document. |
| CVE-2017-14011 | high | 8.8 | 8.8 | | | | 9y ago | A Cross-Site Request Forgery issue was discovered in ProMinent MultiFLEX M10a Controller web interface. The application does not sufficiently verify requests, making it susceptible to cross-site requ… |
| CVE-2017-14005 | high | 8.8 | 8.8 | | | | 9y ago | An Unverified Password Change issue was discovered in ProMinent MultiFLEX M10a Controller web interface. When setting a new password for a user, the application does not require the user to know the … |
| CVE-2017-5531 | high | 8.8 | 8.8 | | | | 9y ago | Deployments of TIBCO Managed File Transfer Command Center versions 8.0.0 and 8.0.1 and TIBCO Managed File Transfer Internet Server versions 8.0.0 and 8.0.1 that enable the Administrator Service may b… |
| CVE-2017-15221 | high | 7.8 | 8.8 | | | | 9y ago | ASX to MP3 converter 3.1.3.7.2010.11.05 has a buffer overflow via a crafted M3U file, a related issue to CVE-2009-1324. |
| CVE-2017-15296 | high | 8.8 | 8.8 | | | | 9y ago | The Java component in SAP CRM has CSRF. This is SAP Security Note 2478964. |
| CVE-2017-6224 | high | 8.8 | 8.8 | | | | 9y ago | Ruckus Wireless Zone Director Controller firmware releases ZD9.x, ZD10.0.0.x, ZD10.0.1.x (less than 10.0.1.0.17 MR1 release) and Ruckus Wireless Unleashed AP Firmware releases 200.0.x, 200.1.x, 200.2… |
| CVE-2017-6223 | high | 8.8 | 8.8 | | | | 9y ago | Ruckus Wireless Zone Director Controller firmware releases ZD9.9.x, ZD9.10.x, ZD9.13.0.x less than 9.13.0.0.232 contain OS Command Injection vulnerabilities in the ping functionality that could allow… |
| CVE-2017-11786 | high | 8.8 | 8.8 | | | | 9y ago | Skype for Business in Microsoft Lync 2013 SP1 and Skype for Business 2016 allows an attacker to steal an authentication hash that can be reused elsewhere, due to how Skype for Business handles authen… |
| CVE-2017-11763 | high | 8.8 | 8.8 | | | | 9y ago | The Microsoft Graphics Component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, a… |
| CVE-2017-11762 | high | 8.8 | 8.8 | | | | 9y ago | The Microsoft Graphics Component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, a… |