CVEs from 2017
Total
11,681
critical
critical 1,647
high
high 5,041
medium
medium 4,168
low
low 159
% Critical
14.1%
% with KEV
0.7%
% with exploit
9.8%
Top vendors
Top products
- imagemagick 1,426
- joomla\! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-14838 | high | 8.8 | 9.8 | 9y ago | TeamWork Job Links allows Arbitrary File Upload in profileChange and coverChange. | |||
| CVE-2017-12814 | critical | 9.8 | 9.8 | 9y ago | Stack-based buffer overflow in the CPerlHost::Add method in win32/perlhost.h in Perl before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 on Windows allows attackers to execute arbitrary code via a long en… | |||
| CVE-2017-12621 | critical | 9.8 | 9.8 | 9y ago | Improper Restriction of XML External Entity Reference in Jelly | |||
| CVE-2017-11121 | critical | 9.8 | 9.8 | 9y ago | On Broadcom BCM4355C0 Wi-Fi chips 9.44.78.27.0.1.56 and other chips, properly crafted malicious over-the-air Fast Transition frames can potentially trigger internal Wi-Fi firmware heap and/or stack o… | |||
| CVE-2017-10932 | critical | 9.8 | 9.8 | 9y ago | All versions prior to V12.17.20 of the ZTE Microwave NR8000 series products - NR8120, NR8120A, NR8120, NR8150, NR8250, NR8000 TR and NR8950 are the applications of C/S architecture using the Java RMI… | |||
| CVE-2017-14760 | critical | 9.8 | 9.8 | 9y ago | SQL Injection exists in /includes/event-management/index.php in the event-espresso-free (aka Event Espresso Lite) plugin v3.1.37.12.L for WordPress via the recurrence_id parameter to /wp-admin/admin.… | |||
| CVE-2017-14704 | high | 8.8 | 9.8 | 9y ago | Multiple unrestricted file upload vulnerabilities in the (1) imageSubmit and (2) proof_submit functions in Claydip Laravel Airbnb Clone 1.0 allow remote authenticated users to execute arbitrary code … | |||
| CVE-2017-9957 | critical | 9.8 | 9.8 | 9y ago | A vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which the web service contains a hidden system account with a hardcoded password. An attacker can … | |||
| CVE-2017-7974 | critical | 9.8 | 9.8 | 9y ago | A path traversal information disclosure vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which an unauthenticated user can execute arbitrary code and… | |||
| CVE-2017-7973 | critical | 9.8 | 9.8 | 9y ago | A SQL injection vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which an unauthenticated user can use calls to various paths allowing performance of… | |||
| CVE-2017-14125 | critical | 9.8 | 9.8 | 9y ago | SQL injection vulnerability in the Responsive Image Gallery plugin before 1.2.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the "id" parameter in an add_edit_theme tas… | |||
| CVE-2017-14723 | critical | 9.8 | 9.8 | 9y ago | Before version 4.8.2, WordPress mishandled % characters and additional placeholder values in $wpdb->prepare, and thus did not properly address the possibility of plugins and themes enabling SQL injec… | |||
| CVE-2017-14080 | critical | 9.8 | 9.8 | 9y ago | Authentication bypass vulnerability in Trend Micro Mobile Security (Enterprise) versions before 9.7 Patch 3 allows attackers to access a specific part of the console using a blank password. | |||
| CVE-2017-14078 | critical | 9.8 | 9.8 | 9y ago | SQL Injection vulnerabilities in Trend Micro Mobile Security (Enterprise) versions before 9.7 Patch 3 allow remote attackers to execute arbitrary code on vulnerable installations. | |||
| CVE-2017-9393 | critical | 9.8 | 9.8 | 9y ago | CA Identity Manager r12.6 to r12.6 SP8, 14.0, and 14.1 allows remote attackers to potentially identify passwords of locked accounts through an exhaustive search. | |||
| CVE-2017-14637 | critical | 9.8 | 9.8 | 9y ago | In sam2p 0.49.3, there is an invalid read of size 2 in the parse_rgb function in in_xpm.cpp. However, this can also cause a write to an illegal address. | |||
| CVE-2017-14636 | critical | 9.8 | 9.8 | 9y ago | Because of an integer overflow in sam2p 0.49.3, a loop executes 0xffffffff times, ending with an invalid read of size 1 in the Image::Indexed::sortPal function in image.cpp. However, this also causes… | |||
| CVE-2017-9283 | critical | 9.8 | 9.8 | 9y ago | An out-of-bounds read (CWE-125) vulnerability exists in Micro Focus VisiBroker 8.5. The feasibility of leveraging this vulnerability for further attacks was not assessed. | |||
| CVE-2017-9282 | critical | 9.8 | 9.8 | 9y ago | An integer overflow (CWE-190) led to an out-of-bounds write (CWE-787) on a heap-allocated area, leading to heap corruption in Micro Focus VisiBroker 8.5. The feasibility of leveraging this vulnerabil… | |||
| CVE-2017-12170 | critical | 9.8 | 9.8 | 9y ago | Downstream version 1.0.46-1 of pure-ftpd as shipped in Fedora was vulnerable to packaging error due to which the original configuration was ignored after update and service started running with defau… | |||
| CVE-2017-14652 | critical | 9.8 | 9.8 | 9y ago | SQL Injection vulnerability in mobiquo/lib/classTTForum.php in the Tapatalk plugin before 4.5.8 for MyBB allows an unauthenticated remote attacker to inject arbitrary SQL commands via an XML-RPC enco… | |||
| CVE-2017-14648 | critical | 9.8 | 9.8 | 9y ago | A global buffer overflow was discovered in the iteration_loop function in loop.c in BladeEnc version 0.94.2. The vulnerability causes an out-of-bounds write, which leads to remote denial of service o… | |||
| CVE-2017-12929 | high | 8.8 | 9.8 | 9y ago | Arbitrary File Upload in resource.php of TecnoVISION DLX Spot Player4 version >1.5.10 allows remote authenticated users to upload arbitrary files leading to Remote Command Execution. | |||
| CVE-2017-12928 | critical | 9.8 | 9.8 | 9y ago | A hard-coded password of tecn0visi0n for the dlxuser account in TecnoVISION DLX Spot Player4 (all known versions) allows remote attackers to log in via SSH and escalate privileges to root access with… | |||
| CVE-2017-14632 | critical | 9.8 | 9.8 | 9y ago | Xiph.Org libvorbis 1.3.5 allows Remote Code Execution upon freeing uninitialized memory in the function vorbis_analysis_headerout() in info.c when vi->channels<=0, a similar issue to Mozilla bug 5501… | |||
| CVE-2017-14631 | critical | 9.8 | 9.8 | 9y ago | In sam2p 0.49.3, the pcxLoadRaster function in in_pcx.cpp has an integer signedness error leading to a heap-based buffer overflow. | |||
| CVE-2017-14630 | critical | 9.8 | 9.8 | 9y ago | In sam2p 0.49.3, an integer overflow exists in the pcxLoadImage24 function of the file in_pcx.cpp, leading to an invalid write operation. | |||
| CVE-2017-14628 | critical | 9.8 | 9.8 | 9y ago | In sam2p 0.49.3, a heap-based buffer overflow exists in the pcxLoadImage24 function of the file in_pcx.cpp. | |||
| CVE-2017-14626 | critical | 9.8 | 9.8 | 9y ago | ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in the function sixel_decode in coders/sixel.c. | |||
| CVE-2017-14625 | critical | 9.8 | 9.8 | 9y ago | ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in the function sixel_output_create in coders/sixel.c. | |||
| CVE-2017-14624 | critical | 9.8 | 9.8 | 9y ago | ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in the function PostscriptDelegateMessage in coders/ps.c. | |||
| CVE-2017-14596 | critical | 9.8 | 9.8 | 9y ago | In Joomla! before 3.8.0, inadequate escaping in the LDAP authentication plugin can result in a disclosure of a username and password. | |||
| CVE-2017-8772 | critical | 9.8 | 9.8 | 9y ago | On BE126 WIFI repeater 1.0 devices, an attacker can log into telnet (which is open by default) with default credentials as root (username:"root" password:"root") and can: 1. Read the entire file syst… | |||
| CVE-2017-8771 | critical | 9.8 | 9.8 | 9y ago | On BE126 WIFI repeater 1.0 devices, an attacker can log into telnet (which is open by default) with default credentials as root (username:"root" password:"root"). The attacker can make a user that is… | |||
| CVE-2017-10700 | critical | 9.8 | 9.8 | 9y ago | In the medialibrary component in QNAP NAS 4.3.3.0229, an un-authenticated, remote attacker can execute arbitrary system commands as the root user of the NAS application. | |||
| CVE-2017-10930 | critical | 9.8 | 9.8 | 9y ago | The ZXR10 1800-2S before v3.00.40 incorrectly restricts access to a resource from an unauthorized actor, resulting in ordinary users being able to download configuration files to steal information li… | |||
| CVE-2017-14532 | critical | 9.8 | 9.8 | 9y ago | ImageMagick 7.0.7-0 has a NULL Pointer Dereference in TIFFIgnoreTags in coders/tiff.c. | |||
| CVE-2017-14512 | critical | 9.8 | 9.8 | 9y ago | NexusPHP 1.5.beta5.20120707 has SQL Injection in forummanage.php via the sort parameter in an editforum action, a different vulnerability than CVE-2017-12981. | |||
| CVE-2017-9328 | critical | 9.8 | 9.8 | 9y ago | Shell metacharacter injection vulnerability in /usr/www/include/ajax/GetTest.php in TerraMaster TOS before 3.0.34 leads to remote code execution as root. | |||
| CVE-2017-10845 | critical | 9.8 | 9.8 | 9y ago | Wi-Fi STATION L-02F Software version V10g and earlier allows remote attackers to access the device with administrative privileges and perform unintended operations through a backdoor account. | |||
| CVE-2017-0781 | high | 8.8 | 9.8 | 9y ago | A remote code execution vulnerability in the Android system (bluetooth). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63146105. | |||
| CVE-2017-1002028 | critical | 9.8 | 9.8 | 9y ago | Vulnerability in wordpress plugin wordpress-gallery-transformation v1.0, SQL injection is in ./wordpress-gallery-transformation/gallery.php via $jpic parameter being unsanitized before being passed i… | |||
| CVE-2017-1002027 | critical | 9.8 | 9.8 | 9y ago | Vulnerability in wordpress plugin rk-responsive-contact-form v1.0, The variable $delid isn't sanitized before being passed into an SQL query in file ./rk-responsive-contact-form/include/rk_user_list.… | |||
| CVE-2017-1002023 | critical | 9.8 | 9.8 | 9y ago | Vulnerability in wordpress plugin Easy Team Manager v1.3.2, The code does not sanitize id before making it part of an SQL statement in file ./easy-team-manager/inc/easy_team_manager_desc_edit.php | |||
| CVE-2017-1002022 | critical | 9.8 | 9.8 | 9y ago | Vulnerability in wordpress plugin surveys v1.01.8, The code in questions.php does not sanitize the survey variable before placing it inside of an SQL query. | |||
| CVE-2017-1002021 | critical | 9.8 | 9.8 | 9y ago | Vulnerability in wordpress plugin surveys v1.01.8, The code in individual_responses.php does not sanitize the survey_id variable before placing it inside of an SQL query. | |||
| CVE-2017-1002020 | critical | 9.8 | 9.8 | 9y ago | Vulnerability in wordpress plugin surveys v1.01.8, The code in survey_form.php does not sanitize the action variable before placing it inside of an SQL query. | |||
| CVE-2017-1002019 | critical | 9.8 | 9.8 | 9y ago | Vulnerability in wordpress plugin eventr v1.02.2, The edit.php form and event_form.php code do not sanitize input, this allows for blind SQL injection via the event parameter. | |||
| CVE-2017-1002018 | critical | 9.8 | 9.8 | 9y ago | Vulnerability in wordpress plugin eventr v1.02.2, The edit.php form and attendees.php code do not sanitize input, this allows for blind SQL injection via the event parameter. | |||
| CVE-2017-1002016 | critical | 9.8 | 9.8 | 9y ago | Vulnerability in wordpress plugin flickr-picture-backup v0.7, The code in flickr-picture-download.php doesn't check to see if the user is authenticated or that they have permission to upload files. | |||
| CVE-2017-1002015 | critical | 9.8 | 9.8 | 9y ago | Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, Blind SQL Injection in image-gallery-with-slideshow/admin_setting.php via selectMulGallery parameter. | |||
| CVE-2017-1002014 | critical | 9.8 | 9.8 | 9y ago | Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, Blind SQL Injection in image-gallery-with-slideshow/admin_setting.php via gallery_name parameter. | |||
| CVE-2017-1002013 | critical | 9.8 | 9.8 | 9y ago | Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, Blind SQL Injection via imgid parameter in image-gallery-with-slideshow/admin_setting.php. | |||
| CVE-2017-1002012 | critical | 9.8 | 9.8 | 9y ago | Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, In image-gallery-with-slideshow/admin_setting.php the following snippet of code does not sanitize input via the gid variable bef… | |||
| CVE-2017-1002010 | critical | 9.8 | 9.8 | 9y ago | Vulnerability in wordpress plugin Membership Simplified v1.58, The code in membership-simplified-for-oap-members-only/updateDB.php is vulnerable to blind SQL injection because it doesn't sanitize use… | |||
| CVE-2017-1002009 | critical | 9.8 | 9.8 | 9y ago | Vulnerability in wordpress plugin Membership Simplified v1.58, The code in membership-simplified-for-oap-members-only/updateDB.php is vulnerable to blind SQL injection because it doesn't sanitize use… | |||
| CVE-2017-13725 | critical | 9.8 | 9.8 | 9y ago | The IPv6 routing header parser in tcpdump before 4.9.2 has a buffer over-read in print-rt6.c:rt6_print(). | |||
| CVE-2017-13690 | critical | 9.8 | 9.8 | 9y ago | The IKEv2 parser in tcpdump before 4.9.2 has a buffer over-read in print-isakmp.c, several functions. | |||
| CVE-2017-13689 | critical | 9.8 | 9.8 | 9y ago | The IKEv1 parser in tcpdump before 4.9.2 has a buffer over-read in print-isakmp.c:ikev1_id_print(). | |||
| CVE-2017-13688 | critical | 9.8 | 9.8 | 9y ago | The OLSR parser in tcpdump before 4.9.2 has a buffer over-read in print-olsr.c:olsr_print(). | |||
| CVE-2017-13687 | critical | 9.8 | 9.8 | 9y ago | The Cisco HDLC parser in tcpdump before 4.9.2 has a buffer over-read in print-chdlc.c:chdlc_print(). | |||
| CVE-2017-13055 | critical | 9.8 | 9.8 | 9y ago | The ISO IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:isis_print_is_reach_subtlv(). | |||
| CVE-2017-13054 | critical | 9.8 | 9.8 | 9y ago | The LLDP parser in tcpdump before 4.9.2 has a buffer over-read in print-lldp.c:lldp_private_8023_print(). | |||
| CVE-2017-13053 | critical | 9.8 | 9.8 | 9y ago | The BGP parser in tcpdump before 4.9.2 has a buffer over-read in print-bgp.c:decode_rt_routing_info(). | |||
| CVE-2017-13052 | critical | 9.8 | 9.8 | 9y ago | The CFM parser in tcpdump before 4.9.2 has a buffer over-read in print-cfm.c:cfm_print(). | |||
| CVE-2017-13051 | critical | 9.8 | 9.8 | 9y ago | The RSVP parser in tcpdump before 4.9.2 has a buffer over-read in print-rsvp.c:rsvp_obj_print(). | |||
| CVE-2017-13050 | critical | 9.8 | 9.8 | 9y ago | The RPKI-Router parser in tcpdump before 4.9.2 has a buffer over-read in print-rpki-rtr.c:rpki_rtr_pdu_print(). | |||
| CVE-2017-13049 | critical | 9.8 | 9.8 | 9y ago | The Rx protocol parser in tcpdump before 4.9.2 has a buffer over-read in print-rx.c:ubik_print(). | |||
| CVE-2017-13048 | critical | 9.8 | 9.8 | 9y ago | The RSVP parser in tcpdump before 4.9.2 has a buffer over-read in print-rsvp.c:rsvp_obj_print(). | |||
| CVE-2017-13047 | critical | 9.8 | 9.8 | 9y ago | The ISO ES-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:esis_print(). | |||
| CVE-2017-13046 | critical | 9.8 | 9.8 | 9y ago | The BGP parser in tcpdump before 4.9.2 has a buffer over-read in print-bgp.c:bgp_attr_print(). | |||
| CVE-2017-13045 | critical | 9.8 | 9.8 | 9y ago | The VQP parser in tcpdump before 4.9.2 has a buffer over-read in print-vqp.c:vqp_print(). | |||
| CVE-2017-13044 | critical | 9.8 | 9.8 | 9y ago | The HNCP parser in tcpdump before 4.9.2 has a buffer over-read in print-hncp.c:dhcpv4_print(). | |||
| CVE-2017-13043 | critical | 9.8 | 9.8 | 9y ago | The BGP parser in tcpdump before 4.9.2 has a buffer over-read in print-bgp.c:decode_multicast_vpn(). | |||
| CVE-2017-13042 | critical | 9.8 | 9.8 | 9y ago | The HNCP parser in tcpdump before 4.9.2 has a buffer over-read in print-hncp.c:dhcpv6_print(). | |||
| CVE-2017-13041 | critical | 9.8 | 9.8 | 9y ago | The ICMPv6 parser in tcpdump before 4.9.2 has a buffer over-read in print-icmp6.c:icmp6_nodeinfo_print(). | |||
| CVE-2017-13040 | critical | 9.8 | 9.8 | 9y ago | The MPTCP parser in tcpdump before 4.9.2 has a buffer over-read in print-mptcp.c, several functions. | |||
| CVE-2017-13039 | critical | 9.8 | 9.8 | 9y ago | The ISAKMP parser in tcpdump before 4.9.2 has a buffer over-read in print-isakmp.c, several functions. | |||
| CVE-2017-13038 | critical | 9.8 | 9.8 | 9y ago | The PPP parser in tcpdump before 4.9.2 has a buffer over-read in print-ppp.c:handle_mlppp(). | |||
| CVE-2017-13037 | critical | 9.8 | 9.8 | 9y ago | The IP parser in tcpdump before 4.9.2 has a buffer over-read in print-ip.c:ip_printts(). | |||
| CVE-2017-13036 | critical | 9.8 | 9.8 | 9y ago | The OSPFv3 parser in tcpdump before 4.9.2 has a buffer over-read in print-ospf6.c:ospf6_decode_v3(). | |||
| CVE-2017-13035 | critical | 9.8 | 9.8 | 9y ago | The ISO IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:isis_print_id(). | |||
| CVE-2017-13034 | critical | 9.8 | 9.8 | 9y ago | The PGM parser in tcpdump before 4.9.2 has a buffer over-read in print-pgm.c:pgm_print(). | |||
| CVE-2017-13033 | critical | 9.8 | 9.8 | 9y ago | The VTP parser in tcpdump before 4.9.2 has a buffer over-read in print-vtp.c:vtp_print(). | |||
| CVE-2017-13032 | critical | 9.8 | 9.8 | 9y ago | The RADIUS parser in tcpdump before 4.9.2 has a buffer over-read in print-radius.c:print_attr_string(). | |||
| CVE-2017-13031 | critical | 9.8 | 9.8 | 9y ago | The IPv6 fragmentation header parser in tcpdump before 4.9.2 has a buffer over-read in print-frag6.c:frag6_print(). | |||
| CVE-2017-13030 | critical | 9.8 | 9.8 | 9y ago | The PIM parser in tcpdump before 4.9.2 has a buffer over-read in print-pim.c, several functions. | |||
| CVE-2017-13029 | critical | 9.8 | 9.8 | 9y ago | The PPP parser in tcpdump before 4.9.2 has a buffer over-read in print-ppp.c:print_ccp_config_options(). | |||
| CVE-2017-13028 | critical | 9.8 | 9.8 | 9y ago | The BOOTP parser in tcpdump before 4.9.2 has a buffer over-read in print-bootp.c:bootp_print(). | |||
| CVE-2017-13027 | critical | 9.8 | 9.8 | 9y ago | The LLDP parser in tcpdump before 4.9.2 has a buffer over-read in print-lldp.c:lldp_mgmt_addr_tlv_print(). | |||
| CVE-2017-13026 | critical | 9.8 | 9.8 | 9y ago | The ISO IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c, several functions. | |||
| CVE-2017-13025 | critical | 9.8 | 9.8 | 9y ago | The IPv6 mobility parser in tcpdump before 4.9.2 has a buffer over-read in print-mobility.c:mobility_opt_print(). | |||
| CVE-2017-13024 | critical | 9.8 | 9.8 | 9y ago | The IPv6 mobility parser in tcpdump before 4.9.2 has a buffer over-read in print-mobility.c:mobility_opt_print(). | |||
| CVE-2017-13023 | critical | 9.8 | 9.8 | 9y ago | The IPv6 mobility parser in tcpdump before 4.9.2 has a buffer over-read in print-mobility.c:mobility_opt_print(). | |||
| CVE-2017-13022 | critical | 9.8 | 9.8 | 9y ago | The IP parser in tcpdump before 4.9.2 has a buffer over-read in print-ip.c:ip_printroute(). | |||
| CVE-2017-13021 | critical | 9.8 | 9.8 | 9y ago | The ICMPv6 parser in tcpdump before 4.9.2 has a buffer over-read in print-icmp6.c:icmp6_print(). | |||
| CVE-2017-13020 | critical | 9.8 | 9.8 | 9y ago | The VTP parser in tcpdump before 4.9.2 has a buffer over-read in print-vtp.c:vtp_print(). | |||
| CVE-2017-13019 | critical | 9.8 | 9.8 | 9y ago | The PGM parser in tcpdump before 4.9.2 has a buffer over-read in print-pgm.c:pgm_print(). | |||
| CVE-2017-13018 | critical | 9.8 | 9.8 | 9y ago | The PGM parser in tcpdump before 4.9.2 has a buffer over-read in print-pgm.c:pgm_print(). | |||
| CVE-2017-13017 | critical | 9.8 | 9.8 | 9y ago | The DHCPv6 parser in tcpdump before 4.9.2 has a buffer over-read in print-dhcp6.c:dhcp6opt_print(). |