CVEs from 2017
- Total: 11,660
- Critical: 1,647
- High: 5,041
- Medium: 4,168
- Low: 159
- % Critical: 14.1%
- % with KEV: 0.7%
- % with exploit: 9.8%
Top products
- imagemagick 1,426
- joomla! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-3164 | unknown | — | — | | | | 7y ago | Server-Side Request Forgery (SSRF) in org.apache.solr:solr-core |
| CVE-2017-15718 | unknown | — | — | | | | 8y ago | Exposure of Sensitive Information in Hadoop |
| CVE-2017-15713 | unknown | — | — | | | | 8y ago | Moderate severity vulnerability that affects org.apache.hadoop:hadoop-main |
| CVE-2017-18239 | unknown | — | — | | | | 8y ago | Exposure of Sensitive information in authentikat-jwt |
| CVE-2017-18349 | unknown | — | — | | | | 8y ago | Improper Input Validation in alibaba:fastjson |
| CVE-2017-2666 | unknown | — | — | | | | 8y ago | Undertow-core vulnerable to HTTP Request Smuggling |
| CVE-2017-2670 | unknown | — | — | | | | 8y ago | Moderate severity vulnerability that affects io.undertow:undertow-core |
| CVE-2017-1000498 | unknown | — | — | | | | 8y ago | Android SVG vulnerable to XML External Entity (XXE) |
| CVE-2017-7658 | unknown | — | — | | | | 8y ago | Jetty vulnerable to authorization bypass due to inconsistent HTTP request handling (HTTP Request Smuggling) |
| CVE-2017-7656 | unknown | — | — | | | | 8y ago | Jetty vulnerable to cache poisoning due to inconsistent HTTP request handling (HTTP Request Smuggling) |
| CVE-2017-7657 | unknown | — | — | | | | 8y ago | Critical severity vulnerability that affects org.eclipse.jetty:jetty-server |
| CVE-2017-17485 | unknown | — | — | | | | 8y ago | jackson-databind vulnerable to remote code execution due to incorrect deserialization and blocklist bypass |
| CVE-2017-15095 | unknown | — | — | | | | 8y ago | jackson-databind vulnerable to deserialization flaw leading to unauthenticated remote code execution |
| CVE-2017-12161 | unknown | — | — | | | | 8y ago | Moderate severity vulnerability that affects org.keycloak:keycloak-core |
| CVE-2017-2582 | unknown | — | — | | | | 8y ago | keycloak-core discloses system properties |
| CVE-2017-2646 | unknown | — | — | | | | 8y ago | Keycloak vulnerable to infinite loop based Denial of Service |
| CVE-2017-2585 | unknown | — | — | | | | 8y ago | keycloak-core vulnerable to timing attacks against JWS token verification |
| CVE-2017-7525 | unknown | — | — | | | | 8y ago | jackson-databind is vulnerable to a deserialization flaw |
| CVE-2017-16229 | unknown | — | — | | | | 9y ago | In the Ox gem 2.8.1 for Ruby, the process crashes with a stack-based buffer over-read in the read_from_str function in sax_buf.c when a crafted input is supplied to sax_parse. |