CVEs from 2017
Total
11,713
critical
critical 1,647
high
high 5,041
medium
medium 4,168
low
low 159
% Critical
14.1%
% with KEV
0.7%
% with exploit
1.8%
Top vendors
Top products
- imagemagick 1,426
- joomla\! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-10845 | critical | 9.8 | 9.8 | 9y ago | Wi-Fi STATION L-02F Software version V10g and earlier allows remote attackers to access the device with administrative privileges and perform unintended operations through a backdoor account. | |||
| CVE-2017-1002028 | critical | 9.8 | 9.8 | 9y ago | Vulnerability in wordpress plugin wordpress-gallery-transformation v1.0, SQL injection is in ./wordpress-gallery-transformation/gallery.php via $jpic parameter being unsanitized before being passed i… | |||
| CVE-2017-1002027 | critical | 9.8 | 9.8 | 9y ago | Vulnerability in wordpress plugin rk-responsive-contact-form v1.0, The variable $delid isn't sanitized before being passed into an SQL query in file ./rk-responsive-contact-form/include/rk_user_list.… | |||
| CVE-2017-1002023 | critical | 9.8 | 9.8 | 9y ago | Vulnerability in wordpress plugin Easy Team Manager v1.3.2, The code does not sanitize id before making it part of an SQL statement in file ./easy-team-manager/inc/easy_team_manager_desc_edit.php | |||
| CVE-2017-1002022 | critical | 9.8 | 9.8 | 9y ago | Vulnerability in wordpress plugin surveys v1.01.8, The code in questions.php does not sanitize the survey variable before placing it inside of an SQL query. | |||
| CVE-2017-1002021 | critical | 9.8 | 9.8 | 9y ago | Vulnerability in wordpress plugin surveys v1.01.8, The code in individual_responses.php does not sanitize the survey_id variable before placing it inside of an SQL query. | |||
| CVE-2017-1002020 | critical | 9.8 | 9.8 | 9y ago | Vulnerability in wordpress plugin surveys v1.01.8, The code in survey_form.php does not sanitize the action variable before placing it inside of an SQL query. | |||
| CVE-2017-1002019 | critical | 9.8 | 9.8 | 9y ago | Vulnerability in wordpress plugin eventr v1.02.2, The edit.php form and event_form.php code do not sanitize input, this allows for blind SQL injection via the event parameter. | |||
| CVE-2017-1002018 | critical | 9.8 | 9.8 | 9y ago | Vulnerability in wordpress plugin eventr v1.02.2, The edit.php form and attendees.php code do not sanitize input, this allows for blind SQL injection via the event parameter. | |||
| CVE-2017-1002016 | critical | 9.8 | 9.8 | 9y ago | Vulnerability in wordpress plugin flickr-picture-backup v0.7, The code in flickr-picture-download.php doesn't check to see if the user is authenticated or that they have permission to upload files. | |||
| CVE-2017-1002015 | critical | 9.8 | 9.8 | 9y ago | Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, Blind SQL Injection in image-gallery-with-slideshow/admin_setting.php via selectMulGallery parameter. | |||
| CVE-2017-1002014 | critical | 9.8 | 9.8 | 9y ago | Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, Blind SQL Injection in image-gallery-with-slideshow/admin_setting.php via gallery_name parameter. | |||
| CVE-2017-1002013 | critical | 9.8 | 9.8 | 9y ago | Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, Blind SQL Injection via imgid parameter in image-gallery-with-slideshow/admin_setting.php. | |||
| CVE-2017-1002012 | critical | 9.8 | 9.8 | 9y ago | Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, In image-gallery-with-slideshow/admin_setting.php the following snippet of code does not sanitize input via the gid variable bef… | |||
| CVE-2017-1002010 | critical | 9.8 | 9.8 | 9y ago | Vulnerability in wordpress plugin Membership Simplified v1.58, The code in membership-simplified-for-oap-members-only/updateDB.php is vulnerable to blind SQL injection because it doesn't sanitize use… | |||
| CVE-2017-1002009 | critical | 9.8 | 9.8 | 9y ago | Vulnerability in wordpress plugin Membership Simplified v1.58, The code in membership-simplified-for-oap-members-only/updateDB.php is vulnerable to blind SQL injection because it doesn't sanitize use… | |||
| CVE-2017-1002008 | critical | 9.8 | 9.8 | 9y ago | Vulnerability in wordpress plugin membership-simplified-for-oap-members-only v1.58, The file download code located membership-simplified-for-oap-members-only/download.php does not check whether a use… | |||
| CVE-2017-1002003 | critical | 9.8 | 9.8 | 9y ago | Vulnerability in wordpress plugin wp2android-turn-wp-site-into-android-app v1.1.4, The plugin includes unlicensed vulnerable CMS software from http://www.invedion.com. | |||
| CVE-2017-1002002 | critical | 9.8 | 9.8 | 9y ago | Vulnerability in wordpress plugin webapp-builder v2.0, The plugin includes unlicensed vulnerable CMS software from http://www.invedion.com/ | |||
| CVE-2017-1002001 | critical | 9.8 | 9.8 | 9y ago | Vulnerability in wordpress plugin mobile-app-builder-by-wappress v1.05, The plugin includes unlicensed vulnerable CMS software from http://www.invedion.com. | |||
| CVE-2017-1002000 | critical | 9.8 | 9.8 | 9y ago | Vulnerability in wordpress plugin mobile-friendly-app-builder-by-easytouch v3.0, The code in file ./mobile-friendly-app-builder-by-easytouch/server/images.php doesn't require authentication or check … | |||
| CVE-2017-13725 | critical | 9.8 | 9.8 | 9y ago | The IPv6 routing header parser in tcpdump before 4.9.2 has a buffer over-read in print-rt6.c:rt6_print(). | |||
| CVE-2017-13690 | critical | 9.8 | 9.8 | 9y ago | The IKEv2 parser in tcpdump before 4.9.2 has a buffer over-read in print-isakmp.c, several functions. | |||
| CVE-2017-13689 | critical | 9.8 | 9.8 | 9y ago | The IKEv1 parser in tcpdump before 4.9.2 has a buffer over-read in print-isakmp.c:ikev1_id_print(). | |||
| CVE-2017-13688 | critical | 9.8 | 9.8 | 9y ago | The OLSR parser in tcpdump before 4.9.2 has a buffer over-read in print-olsr.c:olsr_print(). | |||
| CVE-2017-13687 | critical | 9.8 | 9.8 | 9y ago | The Cisco HDLC parser in tcpdump before 4.9.2 has a buffer over-read in print-chdlc.c:chdlc_print(). | |||
| CVE-2017-13055 | critical | 9.8 | 9.8 | 9y ago | The ISO IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:isis_print_is_reach_subtlv(). | |||
| CVE-2017-13054 | critical | 9.8 | 9.8 | 9y ago | The LLDP parser in tcpdump before 4.9.2 has a buffer over-read in print-lldp.c:lldp_private_8023_print(). | |||
| CVE-2017-13053 | critical | 9.8 | 9.8 | 9y ago | The BGP parser in tcpdump before 4.9.2 has a buffer over-read in print-bgp.c:decode_rt_routing_info(). | |||
| CVE-2017-13052 | critical | 9.8 | 9.8 | 9y ago | The CFM parser in tcpdump before 4.9.2 has a buffer over-read in print-cfm.c:cfm_print(). | |||
| CVE-2017-13051 | critical | 9.8 | 9.8 | 9y ago | The RSVP parser in tcpdump before 4.9.2 has a buffer over-read in print-rsvp.c:rsvp_obj_print(). | |||
| CVE-2017-13050 | critical | 9.8 | 9.8 | 9y ago | The RPKI-Router parser in tcpdump before 4.9.2 has a buffer over-read in print-rpki-rtr.c:rpki_rtr_pdu_print(). | |||
| CVE-2017-13049 | critical | 9.8 | 9.8 | 9y ago | The Rx protocol parser in tcpdump before 4.9.2 has a buffer over-read in print-rx.c:ubik_print(). | |||
| CVE-2017-13048 | critical | 9.8 | 9.8 | 9y ago | The RSVP parser in tcpdump before 4.9.2 has a buffer over-read in print-rsvp.c:rsvp_obj_print(). | |||
| CVE-2017-13047 | critical | 9.8 | 9.8 | 9y ago | The ISO ES-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:esis_print(). | |||
| CVE-2017-13046 | critical | 9.8 | 9.8 | 9y ago | The BGP parser in tcpdump before 4.9.2 has a buffer over-read in print-bgp.c:bgp_attr_print(). | |||
| CVE-2017-13045 | critical | 9.8 | 9.8 | 9y ago | The VQP parser in tcpdump before 4.9.2 has a buffer over-read in print-vqp.c:vqp_print(). | |||
| CVE-2017-13044 | critical | 9.8 | 9.8 | 9y ago | The HNCP parser in tcpdump before 4.9.2 has a buffer over-read in print-hncp.c:dhcpv4_print(). | |||
| CVE-2017-13043 | critical | 9.8 | 9.8 | 9y ago | The BGP parser in tcpdump before 4.9.2 has a buffer over-read in print-bgp.c:decode_multicast_vpn(). | |||
| CVE-2017-13042 | critical | 9.8 | 9.8 | 9y ago | The HNCP parser in tcpdump before 4.9.2 has a buffer over-read in print-hncp.c:dhcpv6_print(). | |||
| CVE-2017-13041 | critical | 9.8 | 9.8 | 9y ago | The ICMPv6 parser in tcpdump before 4.9.2 has a buffer over-read in print-icmp6.c:icmp6_nodeinfo_print(). | |||
| CVE-2017-13040 | critical | 9.8 | 9.8 | 9y ago | The MPTCP parser in tcpdump before 4.9.2 has a buffer over-read in print-mptcp.c, several functions. | |||
| CVE-2017-13039 | critical | 9.8 | 9.8 | 9y ago | The ISAKMP parser in tcpdump before 4.9.2 has a buffer over-read in print-isakmp.c, several functions. | |||
| CVE-2017-13038 | critical | 9.8 | 9.8 | 9y ago | The PPP parser in tcpdump before 4.9.2 has a buffer over-read in print-ppp.c:handle_mlppp(). | |||
| CVE-2017-13037 | critical | 9.8 | 9.8 | 9y ago | The IP parser in tcpdump before 4.9.2 has a buffer over-read in print-ip.c:ip_printts(). | |||
| CVE-2017-13036 | critical | 9.8 | 9.8 | 9y ago | The OSPFv3 parser in tcpdump before 4.9.2 has a buffer over-read in print-ospf6.c:ospf6_decode_v3(). | |||
| CVE-2017-13035 | critical | 9.8 | 9.8 | 9y ago | The ISO IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:isis_print_id(). | |||
| CVE-2017-13034 | critical | 9.8 | 9.8 | 9y ago | The PGM parser in tcpdump before 4.9.2 has a buffer over-read in print-pgm.c:pgm_print(). | |||
| CVE-2017-13033 | critical | 9.8 | 9.8 | 9y ago | The VTP parser in tcpdump before 4.9.2 has a buffer over-read in print-vtp.c:vtp_print(). | |||
| CVE-2017-13032 | critical | 9.8 | 9.8 | 9y ago | The RADIUS parser in tcpdump before 4.9.2 has a buffer over-read in print-radius.c:print_attr_string(). | |||
| CVE-2017-13031 | critical | 9.8 | 9.8 | 9y ago | The IPv6 fragmentation header parser in tcpdump before 4.9.2 has a buffer over-read in print-frag6.c:frag6_print(). | |||
| CVE-2017-13030 | critical | 9.8 | 9.8 | 9y ago | The PIM parser in tcpdump before 4.9.2 has a buffer over-read in print-pim.c, several functions. | |||
| CVE-2017-13029 | critical | 9.8 | 9.8 | 9y ago | The PPP parser in tcpdump before 4.9.2 has a buffer over-read in print-ppp.c:print_ccp_config_options(). | |||
| CVE-2017-13028 | critical | 9.8 | 9.8 | 9y ago | The BOOTP parser in tcpdump before 4.9.2 has a buffer over-read in print-bootp.c:bootp_print(). | |||
| CVE-2017-13027 | critical | 9.8 | 9.8 | 9y ago | The LLDP parser in tcpdump before 4.9.2 has a buffer over-read in print-lldp.c:lldp_mgmt_addr_tlv_print(). | |||
| CVE-2017-13026 | critical | 9.8 | 9.8 | 9y ago | The ISO IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c, several functions. | |||
| CVE-2017-13025 | critical | 9.8 | 9.8 | 9y ago | The IPv6 mobility parser in tcpdump before 4.9.2 has a buffer over-read in print-mobility.c:mobility_opt_print(). | |||
| CVE-2017-13024 | critical | 9.8 | 9.8 | 9y ago | The IPv6 mobility parser in tcpdump before 4.9.2 has a buffer over-read in print-mobility.c:mobility_opt_print(). | |||
| CVE-2017-13023 | critical | 9.8 | 9.8 | 9y ago | The IPv6 mobility parser in tcpdump before 4.9.2 has a buffer over-read in print-mobility.c:mobility_opt_print(). | |||
| CVE-2017-13022 | critical | 9.8 | 9.8 | 9y ago | The IP parser in tcpdump before 4.9.2 has a buffer over-read in print-ip.c:ip_printroute(). | |||
| CVE-2017-13021 | critical | 9.8 | 9.8 | 9y ago | The ICMPv6 parser in tcpdump before 4.9.2 has a buffer over-read in print-icmp6.c:icmp6_print(). | |||
| CVE-2017-13020 | critical | 9.8 | 9.8 | 9y ago | The VTP parser in tcpdump before 4.9.2 has a buffer over-read in print-vtp.c:vtp_print(). | |||
| CVE-2017-13019 | critical | 9.8 | 9.8 | 9y ago | The PGM parser in tcpdump before 4.9.2 has a buffer over-read in print-pgm.c:pgm_print(). | |||
| CVE-2017-13018 | critical | 9.8 | 9.8 | 9y ago | The PGM parser in tcpdump before 4.9.2 has a buffer over-read in print-pgm.c:pgm_print(). | |||
| CVE-2017-13017 | critical | 9.8 | 9.8 | 9y ago | The DHCPv6 parser in tcpdump before 4.9.2 has a buffer over-read in print-dhcp6.c:dhcp6opt_print(). | |||
| CVE-2017-13016 | critical | 9.8 | 9.8 | 9y ago | The ISO ES-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:esis_print(). | |||
| CVE-2017-13015 | critical | 9.8 | 9.8 | 9y ago | The EAP parser in tcpdump before 4.9.2 has a buffer over-read in print-eap.c:eap_print(). | |||
| CVE-2017-13014 | critical | 9.8 | 9.8 | 9y ago | The White Board protocol parser in tcpdump before 4.9.2 has a buffer over-read in print-wb.c:wb_prep(), several functions. | |||
| CVE-2017-13013 | critical | 9.8 | 9.8 | 9y ago | The ARP parser in tcpdump before 4.9.2 has a buffer over-read in print-arp.c, several functions. | |||
| CVE-2017-13012 | critical | 9.8 | 9.8 | 9y ago | The ICMP parser in tcpdump before 4.9.2 has a buffer over-read in print-icmp.c:icmp_print(). | |||
| CVE-2017-13011 | critical | 9.8 | 9.8 | 9y ago | Several protocol parsers in tcpdump before 4.9.2 could cause a buffer overflow in util-print.c:bittok2str_internal(). | |||
| CVE-2017-13010 | critical | 9.8 | 9.8 | 9y ago | The BEEP parser in tcpdump before 4.9.2 has a buffer over-read in print-beep.c:l_strnstart(). | |||
| CVE-2017-13009 | critical | 9.8 | 9.8 | 9y ago | The IPv6 mobility parser in tcpdump before 4.9.2 has a buffer over-read in print-mobility.c:mobility_print(). | |||
| CVE-2017-13008 | critical | 9.8 | 9.8 | 9y ago | The IEEE 802.11 parser in tcpdump before 4.9.2 has a buffer over-read in print-802_11.c:parse_elements(). | |||
| CVE-2017-13007 | critical | 9.8 | 9.8 | 9y ago | The Apple PKTAP parser in tcpdump before 4.9.2 has a buffer over-read in print-pktap.c:pktap_if_print(). | |||
| CVE-2017-13006 | critical | 9.8 | 9.8 | 9y ago | The L2TP parser in tcpdump before 4.9.2 has a buffer over-read in print-l2tp.c, several functions. | |||
| CVE-2017-13005 | critical | 9.8 | 9.8 | 9y ago | The NFS parser in tcpdump before 4.9.2 has a buffer over-read in print-nfs.c:xid_map_enter(). | |||
| CVE-2017-13004 | critical | 9.8 | 9.8 | 9y ago | The Juniper protocols parser in tcpdump before 4.9.2 has a buffer over-read in print-juniper.c:juniper_parse_header(). | |||
| CVE-2017-13003 | critical | 9.8 | 9.8 | 9y ago | The LMP parser in tcpdump before 4.9.2 has a buffer over-read in print-lmp.c:lmp_print(). | |||
| CVE-2017-13002 | critical | 9.8 | 9.8 | 9y ago | The AODV parser in tcpdump before 4.9.2 has a buffer over-read in print-aodv.c:aodv_extension(). | |||
| CVE-2017-13001 | critical | 9.8 | 9.8 | 9y ago | The NFS parser in tcpdump before 4.9.2 has a buffer over-read in print-nfs.c:nfs_printfh(). | |||
| CVE-2017-13000 | critical | 9.8 | 9.8 | 9y ago | The IEEE 802.15.4 parser in tcpdump before 4.9.2 has a buffer over-read in print-802_15_4.c:ieee802_15_4_if_print(). | |||
| CVE-2017-12999 | critical | 9.8 | 9.8 | 9y ago | The IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:isis_print(). | |||
| CVE-2017-12998 | critical | 9.8 | 9.8 | 9y ago | The IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:isis_print_extd_ip_reach(). | |||
| CVE-2017-12997 | critical | 9.8 | 9.8 | 9y ago | The LLDP parser in tcpdump before 4.9.2 could enter an infinite loop due to a bug in print-lldp.c:lldp_private_8021_print(). | |||
| CVE-2017-12996 | critical | 9.8 | 9.8 | 9y ago | The PIMv2 parser in tcpdump before 4.9.2 has a buffer over-read in print-pim.c:pimv2_print(). | |||
| CVE-2017-12995 | critical | 9.8 | 9.8 | 9y ago | The DNS parser in tcpdump before 4.9.2 could enter an infinite loop due to a bug in print-domain.c:ns_print(). | |||
| CVE-2017-12994 | critical | 9.8 | 9.8 | 9y ago | The BGP parser in tcpdump before 4.9.2 has a buffer over-read in print-bgp.c:bgp_attr_print(). | |||
| CVE-2017-12993 | critical | 9.8 | 9.8 | 9y ago | The Juniper protocols parser in tcpdump before 4.9.2 has a buffer over-read in print-juniper.c, several functions. | |||
| CVE-2017-12992 | critical | 9.8 | 9.8 | 9y ago | The RIPng parser in tcpdump before 4.9.2 has a buffer over-read in print-ripng.c:ripng_print(). | |||
| CVE-2017-12991 | critical | 9.8 | 9.8 | 9y ago | The BGP parser in tcpdump before 4.9.2 has a buffer over-read in print-bgp.c:bgp_attr_print(). | |||
| CVE-2017-12990 | critical | 9.8 | 9.8 | 9y ago | The ISAKMP parser in tcpdump before 4.9.2 could enter an infinite loop due to bugs in print-isakmp.c, several functions. | |||
| CVE-2017-12988 | critical | 9.8 | 9.8 | 9y ago | The telnet parser in tcpdump before 4.9.2 has a buffer over-read in print-telnet.c:telnet_parse(). | |||
| CVE-2017-12987 | critical | 9.8 | 9.8 | 9y ago | The IEEE 802.11 parser in tcpdump before 4.9.2 has a buffer over-read in print-802_11.c:parse_elements(). | |||
| CVE-2017-12986 | critical | 9.8 | 9.8 | 9y ago | The IPv6 routing header parser in tcpdump before 4.9.2 has a buffer over-read in print-rt6.c:rt6_print(). | |||
| CVE-2017-12985 | critical | 9.8 | 9.8 | 9y ago | The IPv6 parser in tcpdump before 4.9.2 has a buffer over-read in print-ip6.c:ip6_print(). | |||
| CVE-2017-12902 | critical | 9.8 | 9.8 | 9y ago | The Zephyr parser in tcpdump before 4.9.2 has a buffer over-read in print-zephyr.c, several functions. | |||
| CVE-2017-12901 | critical | 9.8 | 9.8 | 9y ago | The EIGRP parser in tcpdump before 4.9.2 has a buffer over-read in print-eigrp.c:eigrp_print(). | |||
| CVE-2017-12900 | critical | 9.8 | 9.8 | 9y ago | Several protocol parsers in tcpdump before 4.9.2 could cause a buffer over-read in util-print.c:tok2strbuf(). | |||
| CVE-2017-12899 | critical | 9.8 | 9.8 | 9y ago | The DECnet parser in tcpdump before 4.9.2 has a buffer over-read in print-decnet.c:decnet_print(). |