CVEs from 2017
- Total: 11,660
- Critical: 1,647
- High: 5,041
- Medium: 4,168
- Low: 159
- % Critical: 14.1%
- % with KEV: 0.7%
- % with exploit: 9.8%
Top vendors
Top products
- imagemagick 1,426
- joomla! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-2727 | medium | 4.3 | 4.3 | 9y ago | Huawei P9 smart phones with software versions earlier than EVA-AL00C00B365, versions earlier than EVA-AL10C00B365, versions earlier than EVA-CL00C92B365, versions earlier than EVA-DL00C17B365,… | |||
| CVE-2017-15110 | medium | 4.3 | 4.3 | 9y ago | Moodle Exposure of Sensitive Information to an Unauthorized Actor | |||
| CVE-2017-10889 | medium | 4.3 | 4.3 | 9y ago | TablePress prior to version 1.8.1 allows an attacker to conduct XML External Entity (XXE) attacks via unspecified vectors. | |||
| CVE-2017-16560 | medium | 4.3 | 4.3 | 9y ago | SanDisk Secure Access 3.01 vault decrypts and copies encrypted files to a temporary folder, where they can remain indefinitely in certain situations, such as if the file is being edited when the user… | |||
| CVE-2017-12302 | medium | 4.3 | 4.3 | 9y ago | A vulnerability in the Cisco Unified Communications Manager SQL database interface could allow an authenticated, remote attacker to impact the confidentiality of the system by executing arbitrary SQL… | |||
| CVE-2017-15269 | medium | 4.3 | 4.3 | 9y ago | The PSFTPd 10.0.4 Build 729 server does not prevent FTP bounce scans by default. These can be performed using "nmap -b" and allow performing scans via the FTP server. | |||
| CVE-2017-11848 | medium | 4.3 | 4.3 | 9y ago | Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 20… | |||
| CVE-2017-11844 | medium | 4.3 | 4.3 | 9y ago | Microsoft Edge in Microsoft Windows 10 1703, 1709 and Windows Server, version 1709 allows an attacker to obtain information to further compromise the user's system, due to how Microsoft Edge handles … | |||
| CVE-2017-11803 | medium | 4.3 | 4.3 | 9y ago | Microsoft Edge in Microsoft Windows 10 1703, 1709 and Windows Server, version 1709 allows an attacker to obtain information to further compromise the user's system, due to how Microsoft Edge handles … | |||
| CVE-2017-16804 | medium | 4.3 | 4.3 | 9y ago | In Redmine before 3.2.7 and 3.3.x before 3.3.4, the reminders function in app/models/mailer.rb does not check whether an issue is visible, which allows remote authenticated users to obtain sensitive … | |||
| CVE-2017-16633 | medium | 4.3 | 4.3 | 9y ago | In Joomla! before 3.8.2, a logic bug in com_fields exposed read-only information about a site's custom fields to unauthorized users. | |||
| CVE-2017-11461 | medium | 4.3 | 4.3 | 9y ago | NetApp OnCommand Unified Manager for 7-mode (core package) versions prior to 5.2.1 are susceptible to a clickjacking or "UI redress attack" which could be used to cause a user to perform an unintende… | |||
| CVE-2017-1000155 | medium | 4.3 | 4.3 | 9y ago | Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to profile pictures being accessed without any access control checks consequently allowing any of a user's… | |||
| CVE-2017-1000143 | medium | 4.3 | 4.3 | 9y ago | Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable to users receiving watchlist notifications about pages they do not have access to anymore. | |||
| CVE-2017-12279 | medium | 4.3 | 4.3 | 9y ago | A vulnerability in the packet processing code of Cisco IOS Software for Cisco Aironet Access Points could allow an unauthenticated, adjacent attacker to retrieve content from memory on an affected de… | |||
| CVE-2017-12625 | medium | 4.3 | 4.3 | 9y ago | Moderate severity vulnerability that affects org.apache.hive:hive, org.apache.hive:hive-exec, and org.apache.hive:hive-service | |||
| CVE-2017-1000243 | medium | 4.3 | 4.3 | 9y ago | Missing permission check in Jenkins Favorite Plugin | |||
| CVE-2017-5119 | medium | 4.3 | 4.3 | 9y ago | multiple issues in chromium | |||
| CVE-2017-5118 | medium | 4.3 | 4.3 | 9y ago | multiple issues in chromium | |||
| CVE-2017-5109 | medium | 4.3 | 4.3 | 9y ago | multiple issues in chromium | |||
| CVE-2017-5103 | medium | 4.3 | 4.3 | 9y ago | multiple issues in chromium | |||
| CVE-2017-5102 | medium | 4.3 | 4.3 | 9y ago | multiple issues in chromium | |||
| CVE-2017-5096 | medium | 4.3 | 4.3 | 9y ago | Insufficient policy enforcement during navigation between different schemes in Google Chrome prior to 60.0.3112.78 for Android allowed a remote attacker to perform cross origin content download via a… | |||
| CVE-2017-5083 | medium | 4.3 | 4.3 | 9y ago | multiple issues in chromium | |||
| CVE-2017-5079 | medium | 4.3 | 4.3 | 9y ago | multiple issues in chromium | |||
| CVE-2017-5075 | medium | 4.3 | 4.3 | 9y ago | multiple issues in chromium | |||
| CVE-2017-1226 | medium | 4.3 | 4.3 | 9y ago | IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) generates an error message in error logs that includes sensitive information about its environment which could be used in further attacks… | |||
| CVE-2017-1295 | medium | 4.3 | 4.3 | 9y ago | IBM RSA DM contains an unspecified vulnerability in CLM Applications with potential for information leakage. IBM X-Force ID: 125157. | |||
| CVE-2017-1241 | medium | 4.3 | 4.3 | 9y ago | An unspecified vulnerability in IBM Jazz Foundation based applications might allow the display of stack trace information to an attacker. IBM X-Force ID: 124523. | |||
| CVE-2017-7144 | medium | 4.3 | 4.3 | 9y ago | An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. The issue involves the "WebKit" component. It allows remote attackers to track Safari Priva… | |||
| CVE-2017-10387 | medium | 4.3 | 4.3 | 9y ago | Vulnerability in the Oracle CRM Technical Foundation component of Oracle E-Business Suite (subcomponent: Preferences). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 … | |||
| CVE-2017-10334 | medium | 4.3 | 4.3 | 9y ago | Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Container). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.1.0 and 12.2.1… | |||
| CVE-2017-10299 | medium | 4.3 | 4.3 | 9y ago | Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain Products Suite (subcomponent: Security). Supported versions that are affected are 9.3.5 and 9.3.6. Easily exploitable vulnerabil… | |||
| CVE-2017-10287 | medium | 4.3 | 4.3 | 9y ago | Vulnerability in the PeopleSoft Enterprise FSCM component of Oracle PeopleSoft Products (subcomponent: Strategic Sourcing). The supported version that is affected is 9.2. Easily exploitable vulnerabi… | |||
| CVE-2017-10164 | medium | 4.3 | 4.3 | 9y ago | Vulnerability in the PeopleSoft Enterprise FSCM component of Oracle PeopleSoft Products (subcomponent: Staffing Front Office). The supported version that is affected is 9.2. Easily exploitable vulner… | |||
| CVE-2017-12287 | medium | 4.3 | 4.3 | 9y ago | A vulnerability in the cluster database (CDB) management component of Cisco Expressway Series Software and Cisco TelePresence Video Communication Server (VCS) Software could allow an authenticated, r… | |||
| CVE-2017-8726 | medium | 4.3 | 4.3 | 9y ago | Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how affected Microsoft s… | |||
| CVE-2017-11794 | medium | 4.3 | 4.3 | 9y ago | Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to obtain information to further compromise the user's system, due to how Microsoft Edge handles objects in memory, aka "Microsoft Edge … | |||
| CVE-2017-11790 | medium | 4.3 | 4.3 | 9y ago | Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 201… | |||
| CVE-2017-10857 | medium | 4.3 | 4.3 | 9y ago | Cybozu Office 10.0.0 to 10.6.1 allows authenticated attackers to bypass access restriction to perform arbitrary actions via "Cabinet" function. | |||
| CVE-2017-14369 | medium | 4.3 | 4.3 | 9y ago | RSA Archer GRC Platform prior to 6.2.0.5 is affected by a privilege escalation vulnerability. A low privileged RSA Archer user may potentially exploit this vulnerability to elevate their privileges a… | |||
| CVE-2017-15212 | medium | 4.3 | 4.3 | 9y ago | In Kanboard before 1.0.47, by altering form data, an authenticated user can at least see the names of tags of a private project of another user. | |||
| CVE-2017-15211 | medium | 4.3 | 4.3 | 9y ago | In Kanboard before 1.0.47, by altering form data, an authenticated user can add an external link to a private project of another user. | |||
| CVE-2017-15210 | medium | 4.3 | 4.3 | 9y ago | In Kanboard before 1.0.47, by altering form data, an authenticated user can see thumbnails of pictures from a private project of another user. | |||
| CVE-2017-15209 | medium | 4.3 | 4.3 | 9y ago | In Kanboard before 1.0.47, by altering form data, an authenticated user can remove attachments from a private project of another user. | |||
| CVE-2017-15208 | medium | 4.3 | 4.3 | 9y ago | In Kanboard before 1.0.47, by altering form data, an authenticated user can remove automatic actions from a private project of another user. | |||
| CVE-2017-15207 | medium | 4.3 | 4.3 | 9y ago | In Kanboard before 1.0.47, by altering form data, an authenticated user can edit tasks of a private project of another user. | |||
| CVE-2017-15206 | medium | 4.3 | 4.3 | 9y ago | In Kanboard before 1.0.47, by altering form data, an authenticated user can add an internal link to a private project of another user. | |||
| CVE-2017-15205 | medium | 4.3 | 4.3 | 9y ago | In Kanboard before 1.0.47, by altering form data, an authenticated user can download attachments from a private project of another user. | |||
| CVE-2017-15204 | medium | 4.3 | 4.3 | 9y ago | In Kanboard before 1.0.47, by altering form data, an authenticated user can add automatic actions to a private project of another user. | |||
| CVE-2017-15203 | medium | 4.3 | 4.3 | 9y ago | In Kanboard before 1.0.47, by altering form data, an authenticated user can remove categories from a private project of another user. | |||
| CVE-2017-15202 | medium | 4.3 | 4.3 | 9y ago | In Kanboard before 1.0.47, by altering form data, an authenticated user can edit columns of a private project of another user. | |||
| CVE-2017-15201 | medium | 4.3 | 4.3 | 9y ago | In Kanboard before 1.0.47, by altering form data, an authenticated user can edit tags of a private project of another user. | |||
| CVE-2017-15200 | medium | 4.3 | 4.3 | 9y ago | In Kanboard before 1.0.47, by altering form data, an authenticated user can add a new task to a private project of another user. | |||
| CVE-2017-15199 | medium | 4.3 | 4.3 | 9y ago | In Kanboard before 1.0.47, by altering form data, an authenticated user can edit metadata of a private project of another user, as demonstrated by Name, Email, Identifier, and Description. | |||
| CVE-2017-15198 | medium | 4.3 | 4.3 | 9y ago | In Kanboard before 1.0.47, by altering form data, an authenticated user can edit a category of a private project of another user. | |||
| CVE-2017-15197 | medium | 4.3 | 4.3 | 9y ago | In Kanboard before 1.0.47, by altering form data, an authenticated user can add a new category to a private project of another user. | |||
| CVE-2017-15196 | medium | 4.3 | 4.3 | 9y ago | In Kanboard before 1.0.47, by altering form data, an authenticated user can remove columns from a private project of another user. | |||
| CVE-2017-15195 | medium | 4.3 | 4.3 | 9y ago | In Kanboard before 1.0.47, by altering form data, an authenticated user can edit swimlanes of a private project of another user. | |||
| CVE-2017-1000110 | medium | 4.3 | 4.3 | 9y ago | Improper Authentication in Jenkins Blue Ocean Plugin | |||
| CVE-2017-1000087 | medium | 4.3 | 4.3 | 9y ago | Jenkins GitHub Branch Source Plugin allows any user with Overall/Read permission to get list of valid credentials IDs | |||
| CVE-2017-9794 | medium | 4.3 | 4.3 | 9y ago | Apache Geode gfsh query vulnerability | |||
| CVE-2017-1555 | medium | 4.3 | 4.3 | 9y ago | IBM API Connect 5.0.0.0 through 5.0.7.2 could allow an authenticated user to generate an API token when not subscribed to the application plan. IBM X-Force ID: 131545. | |||
| CVE-2017-12157 | medium | 4.3 | 4.3 | 9y ago | Moodle sensitive information disclosure | |||
| CVE-2017-1002024 | medium | 4.3 | 4.3 | 9y ago | Vulnerability in web application Kind Editor v4.1.12: kindeditor/php/upload_json.php does not check authentication before allowing users to upload files. | |||
| CVE-2017-8739 | medium | 4.3 | 4.3 | 9y ago | Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to obtain information to further compromise the user's system, due to the way that the Microsoft Edge scripting engine handles objects i… | |||
| CVE-2017-8736 | medium | 4.3 | 4.3 | 9y ago | Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 16… | |||
| CVE-2017-8735 | medium | 4.3 | 4.3 | 9y ago | Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to trick a user by redirecting the user to a specially crafted website, due to the way that M… | |||
| CVE-2017-8733 | medium | 4.3 | 4.3 | 9y ago | Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 201… | |||
| CVE-2017-8724 | medium | 4.3 | 4.3 | 9y ago | Microsoft Edge in Microsoft Windows 10 Version 1703 allows an attacker to trick a user by redirecting the user to a specially crafted website, due to the way that Microsoft Edge parses HTTP content, … | |||
| CVE-2017-8723 | medium | 4.3 | 4.3 | 9y ago | Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to trick a user into loading a page containing malicious content, due to the way that the Edg… | |||
| CVE-2017-8648 | medium | 4.3 | 4.3 | 9y ago | Microsoft Edge in Microsoft Windows Version 1703 allows an attacker to obtain information to further compromise the user's system, due to the way that Microsoft Edge handles objects in memory, aka "M… | |||
| CVE-2017-8643 | medium | 4.3 | 4.3 | 9y ago | Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to leave a malicious website open during user clipboard activities, due to the way that Micro… | |||
| CVE-2017-8597 | medium | 4.3 | 4.3 | 9y ago | Microsoft Edge in Microsoft Windows 10 Version 1703 allows an attacker to obtain information to further compromise the user's system, due to the way that Microsoft Edge handles objects in memory, aka… | |||
| CVE-2017-12213 | medium | 4.3 | 4.3 | 9y ago | A vulnerability in the dynamic access control list (ACL) feature of Cisco IOS XE Software running on Cisco Catalyst 4000 Series Switches could allow an unauthenticated, adjacent attacker to cause dyn… | |||
| CVE-2017-2258 | medium | 4.3 | 4.3 | 9y ago | Directory traversal vulnerability in Cybozu Garoon 4.2.4 to 4.2.5 allows an attacker to read arbitrary files via Garoon SOAP API "WorkflowHandleApplications". | |||
| CVE-2017-6785 | medium | 4.3 | 4.3 | 9y ago | A vulnerability in configuration modification permissions validation for Cisco Unified Communications Manager could allow an authenticated, remote attacker to perform a horizontal privilege escalatio… | |||
| CVE-2017-6783 | medium | 4.3 | 4.3 | 9y ago | A vulnerability in SNMP polling for the Cisco Web Security Appliance (WSA), Email Security Appliance (ESA), and Content Security Management Appliance (SMA) could allow an authenticated, remote attack… | |||
| CVE-2017-6772 | medium | 4.3 | 4.3 | 9y ago | A vulnerability in Cisco Elastic Services Controller (ESC) could allow an authenticated, remote attacker to view sensitive information. The vulnerability is due to insufficient protection of sensitiv… | |||
| CVE-2017-7674 | medium | 4.3 | 4.3 | 9y ago | The CORS Filter in Apache Tomcat 9.0.0.M1 to 9.0.0.M21, 8.5.0 to 8.5.15, 8.0.0.RC1 to 8.0.44 and 7.0.41 to 7.0.78 did not add an HTTP Vary header indicating that the response varies depending on Orig… | |||
| CVE-2017-1377 | medium | 4.3 | 4.3 | 9y ago | IBM Runbook Automation reveals sensitive information in error messages that could be used in further attacks against the system. IBM X-Force ID: 126874. | |||
| CVE-2017-1357 | medium | 4.3 | 4.3 | 9y ago | IBM Maximo Asset Management 7.5 and 7.6 could allow an authenticated user to manipulate work orders to forge emails which could be used to conduct further advanced attacks. IBM X-Force ID: 126684. | |||
| CVE-2017-8662 | medium | 4.3 | 4.3 | 9y ago | Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to disclose information due to how strings are validated in specific scenarios, aka "Microsoft Edge Information Disclosure Vulnerability… | |||
| CVE-2017-8659 | medium | 4.3 | 4.3 | 9y ago | ChakraCore information disclosure vulnerability | |||
| CVE-2017-3651 | medium | 4.3 | 4.3 | 9y ago | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. E… | |||
| CVE-2017-10218 | medium | 4.3 | 4.3 | 9y ago | Vulnerability in the Oracle Hospitality Guest Access component of Oracle Hospitality Applications (subcomponent: Base). Supported versions that are affected are 4.2.0.0 and 4.2.1.0. Easily exploitabl… | |||
| CVE-2017-10217 | medium | 4.3 | 4.3 | 9y ago | Vulnerability in the Oracle Hospitality Guest Access component of Oracle Hospitality Applications (subcomponent: Base). Supported versions that are affected are 4.2.0.0 and 4.2.1.0. Easily exploitabl… | |||
| CVE-2017-10208 | medium | 4.3 | 4.3 | 9y ago | Vulnerability in the Oracle Hospitality e7 component of Oracle Hospitality Applications (subcomponent: Other). The supported version that is affected is 4.2.1. Easily exploitable vulnerability allows… | |||
| CVE-2017-10205 | medium | 4.3 | 4.3 | 9y ago | Vulnerability in the Oracle Hospitality Simphony component of Oracle Hospitality Applications (subcomponent: Enterprise Management Console). The supported version that is affected is 2.9. Easily expl… | |||
| CVE-2017-10195 | medium | 4.3 | 4.3 | 9y ago | Vulnerability in the Oracle Hospitality Simphony component of Oracle Hospitality Applications (subcomponent: Import/Export). The supported version that is affected is 2.8. Easily exploitable vulnerab… | |||
| CVE-2017-10175 | medium | 4.3 | 4.3 | 9y ago | Vulnerability in the Oracle iSupport component of Oracle E-Business Suite (subcomponent: Profiles). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6.… | |||
| CVE-2017-10160 | medium | 4.3 | 4.3 | 9y ago | Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Primavera Products Suite (subcomponent: Web Access). Supported versions that are affected are 8.3, 8.4, 1… | |||
| CVE-2017-10150 | medium | 4.3 | 4.3 | 9y ago | Vulnerability in the Primavera Unifier component of Oracle Primavera Products Suite (subcomponent: Platform). Supported versions that are affected are 9.13, 9.14, 10.1, 10.2, 15.1, 15.2, 16.1 and 16.… | |||
| CVE-2017-10133 | medium | 4.3 | 4.3 | 9y ago | Vulnerability in the Hospitality Hotel Mobile component of Oracle Hospitality Applications (subcomponent: Suite8/RestAPI). The supported version that is affected is 1.1. Easily exploitable vulnerabil… | |||
| CVE-2017-10132 | medium | 4.3 | 4.3 | 9y ago | Vulnerability in the Hospitality Hotel Mobile component of Oracle Hospitality Applications (subcomponent: Suite8/iOS). The supported version that is affected is 1.05. Easily exploitable vulnerability… | |||
| CVE-2017-10123 | medium | 4.3 | 4.3 | 9y ago | Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Container). The supported version that is affected is 12.1.3.0. Easily exploitable vulnerability a… | |||
| CVE-2017-10105 | medium | 4.3 | 4.3 | 9y ago | Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Easily exploitable vulnerability allows … | |||
| CVE-2017-10081 | medium | 4.3 | 4.3 | 9y ago | Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. … | |||
| CVE-2017-10071 | medium | 4.3 | 4.3 | 9y ago | Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: All Modules). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1… | |||
| CVE-2017-10022 | medium | 4.3 | 4.3 | 9y ago | Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Operations). Supported versions that are affected are 2.0.0, 2.0.1, 2.2.0 and 1… |