CVEs from 2017
Total
11,979
critical
critical 1,647
high
high 5,043
medium
medium 4,165
low
low 159
% Critical
13.7%
% with KEV
0.7%
% with exploit
0.7%
Top vendors
Top products
- imagemagick 1,426
- joomla\! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 490
- asterisk 435
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2017-7921 | unknown | — | 1.5 | 3mo ago | Multiple Hikvision products contain an improper authentication vulnerability that could allow a malicious user to escalate privileges on the system and gain access to sensitive information. | |
| CVE-2017-12637 | unknown | — | 1.5 | 1y ago | SAP NetWeaver Application Server (AS) Java contains a directory traversal vulnerability in scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS that allows a remote attacker to read arbitrary files vi… | |
| CVE-2017-3066 | unknown | — | 1.5 | 1y ago | Adobe ColdFusion contains a deserialization vulnerability in the Apache BlazeDS library that allows for arbitrary code execution. | |
| CVE-2017-1000253 | unknown | — | 1.5 | 2y ago | Linux kernel contains a position-independent executable (PIE) stack buffer corruption vulnerability in load_elf_ binary() that allows a local attacker to escalate privileges. | |
| CVE-2017-3506 | unknown | — | 1.5 | 2y ago | Oracle WebLogic Server, a product within the Fusion Middleware suite, contains an OS command injection vulnerability that allows an attacker to execute arbitrary code via a specially crafted HTTP req… | |
| CVE-2017-6884 | unknown | — | 1.5 | 3y ago | Zyxel EMG2926 routers contain a command injection vulnerability located in the diagnostic tools, specifically the nslookup function. A malicious user may exploit numerous vectors to execute malicious… | |
| CVE-2017-18368 | unknown | — | 1.5 | 3y ago | Zyxel P660HN-T1A routers contain a command injection vulnerability in the Remote System Log forwarding function, which is accessible by an unauthenticated user and exploited via the remote_host param… | |
| CVE-2017-6742 | unknown | — | 1.5 | 3y ago | The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE contains a vulnerability that could allow an authenticated, remote attacker to remotely execute code on an affected sys… | |
| CVE-2017-11357 | unknown | — | 1.5 | 3y ago | Telerik UI for ASP.NET AJAX contains an insecure direct object reference vulnerability in RadAsyncUpload that can result in file uploads in a limited location and/or remote code execution. | |
| CVE-2017-5521 | unknown | — | 1.5 | 4y ago | Multiple NETGEAR devices are prone to admin password disclosure via simple crafted requests to the web management server. | |
| CVE-2017-15944 | unknown | — | 1.5 | 4y ago | Palo Alto Networks PAN-OS contains multiple, unspecified vulnerabilities which can allow for remote code execution when chained. | |
| CVE-2017-6862 | unknown | — | 1.5 | 4y ago | Multiple NETGEAR devices contain a buffer overflow vulnerability that allows for authentication bypass and remote code execution. | |
| CVE-2017-0022 | unknown | — | 1.5 | 4y ago | Microsoft XML Core Services (MSXML) improperly handles objects in memory, allowing attackers to test for files on disk via a crafted web site. | |
| CVE-2017-18362 | unknown | — | 1.5 | 4y ago | ConnectWise ManagedITSync integration for Kaseya VSA is vulnerable to unauthenticated remote commands that allow full direct access to the Kaseya VSA database. | |
| CVE-2017-0147 | unknown | — | 1.5 | 4y ago | The SMBv1 server in Microsoft Windows allows remote attackers to obtain sensitive information from process memory via a crafted packet. | |
| CVE-2017-0210 | unknown | — | 1.5 | 4y ago | A privilege escalation vulnerability exists when Internet Explorer does not properly enforce cross-domain policies, which could allow an attacker to access information. | |
| CVE-2017-0005 | unknown | — | 1.5 | 4y ago | The Graphics Device Interface (GDI) in Microsoft Windows allows local users to gain privileges via a crafted application. | |
| CVE-2017-8543 | unknown | — | 1.5 | 4y ago | Microsoft Windows allows an attacker to take control of the affected system when Windows Search fails to handle objects in memory. | |
| CVE-2017-0149 | unknown | — | 1.5 | 4y ago | Microsoft Internet Explorer contains a memory corruption vulnerability that allows remote attackers to execute code or cause a denial-of-service (DoS) via a crafted website. | |
| CVE-2017-12617 | unknown | — | 1.5 | 4y ago | When running Apache Tomcat, it is possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the serv… | |
| CVE-2017-9791 | unknown | — | 1.5 | 4y ago | The Struts 1 plugin in Apache Struts might allow remote code execution via a malicious field value passed in a raw message to the ActionMessage. | |
| CVE-2017-1000353 | unknown | — | 1.5 | 4y ago | Jenkins contains a remote code execution vulnerability. This vulnerability that could allowed attackers to transfer a serialized Java SignedObject object to the remoting-based Jenkins CLI, that would… | |
| CVE-2017-11317 | unknown | — | 1.5 | 4y ago | Telerik.Web.UI in Progress Telerik UI for ASP.NET AJAX allows remote attackers to perform arbitrary file uploads or execute arbitrary code. | |
| CVE-2017-0148 | unknown | — | 1.5 | 4y ago | The SMBv1 server in Microsoft allows remote attackers to execute arbitrary code via crafted packets. | |
| CVE-2017-0059 | unknown | — | 1.5 | 4y ago | Microsoft Internet Explorer allow remote attackers to obtain sensitive information from process memory via a crafted web site. | |
| CVE-2017-0213 | unknown | — | 1.5 | 4y ago | Microsoft Windows COM Aggregate Marshaler allows for privilege escalation when an attacker runs a specially crafted application. | |
| CVE-2017-0037 | unknown | — | 1.5 | 4y ago | Microsoft Edge and Internet Explorer have a type confusion vulnerability in mshtml.dll, which allows remote code execution. | |
| CVE-2017-3881 | unknown | — | 1.5 | 4y ago | A vulnerability in the Cisco Cluster Management Protocol (CMP) processing code in Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of an affected … | |
| CVE-2017-6316 | unknown | — | 1.5 | 4y ago | A vulnerability has been identified in the management interface of Citrix NetScaler SD-WAN Enterprise and Standard Edition and Citrix CloudBridge Virtual WAN Edition that could result in an unauthent… | |
| CVE-2017-6334 | unknown | — | 1.5 | 4y ago | dnslookup.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execute arbitrary OS commands | |
| CVE-2017-0146 | unknown | — | 1.5 | 4y ago | The SMBv1 server in Microsoft Windows allows remote attackers to perform remote code execution. | |
| CVE-2017-0101 | unknown | — | 1.5 | 4y ago | A privilege escalation vulnerability exists when the Windows Transaction Manager improperly handles objects in memory. | |
| CVE-2017-6077 | unknown | — | 1.5 | 4y ago | NETGEAR DGN2200 wireless routers contain a vulnerability that allows for remote code execution. | |
| CVE-2017-12231 | unknown | — | 1.5 | 4y ago | A vulnerability in the implementation of Network Address Translation (NAT) functionality in Cisco IOS could allow an unauthenticated, remote attacker to cause a denial of service. | |
| CVE-2017-12240 | unknown | — | 1.5 | 4y ago | The Dynamic Host Configuration Protocol (DHCP) relay subsystem of Cisco IOS and Cisco IOS XE Software contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrar… | |
| CVE-2017-12233 | unknown | — | 1.5 | 4y ago | There is a vulnerability in the implementation of the Common Industrial Protocol (CIP) feature in Cisco IOS could allow an unauthenticated, remote attacker to cause an affected device to reload, resu… | |
| CVE-2017-12235 | unknown | — | 1.5 | 4y ago | A vulnerability in the implementation of the PROFINET Discovery and Configuration Protocol (PN-DCP) for Cisco IOS could allow an unauthenticated, remote attacker to cause an affected device to reload… | |
| CVE-2017-6627 | unknown | — | 1.5 | 4y ago | A vulnerability in the UDP processing code of Cisco IOS and IOS XE could allow an unauthenticated, remote attacker to cause the input queue of an affected system to hold UDP packets, causing an inter… | |
| CVE-2017-6744 | unknown | — | 1.5 | 4y ago | The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS 1 contains a vulnerability that could allow an authenticated, remote attacker to remotely execute code on an affected system or ca… | |
| CVE-2017-11826 | unknown | — | 1.5 | 4y ago | A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could … | |
| CVE-2017-12234 | unknown | — | 1.5 | 4y ago | There is a vulnerability in the implementation of the Common Industrial Protocol (CIP) feature in Cisco IOS could allow an unauthenticated, remote attacker to cause an affected device to reload, resu… | |
| CVE-2017-11292 | unknown | — | 1.5 | 4y ago | Adobe Flash Player contains a type confusion vulnerability which can allow for remote code execution. | |
| CVE-2017-0261 | unknown | — | 1.5 | 4y ago | Microsoft Office contains a use-after-free vulnerability which can allow for remote code execution. | |
| CVE-2017-12232 | unknown | — | 1.5 | 4y ago | A vulnerability in the implementation of a protocol in Cisco Integrated Services Routers Generation 2 (ISR G2) Routers running Cisco IOS could allow an unauthenticated, adjacent attacker to cause an … | |
| CVE-2017-6740 | unknown | — | 1.5 | 4y ago | The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE contains a vulnerability that could allow an authenticated, remote attacker to remotely execute code on an affected sys… | |
| CVE-2017-6738 | unknown | — | 1.5 | 4y ago | The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE contains a vulnerability that could allow an authenticated, remote attacker to remotely execute code. | |
| CVE-2017-6736 | unknown | — | 1.5 | 4y ago | The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE contains a vulnerability that could allow an authenticated, remote attacker to remotely execute code. | |
| CVE-2017-0001 | unknown | — | 1.5 | 4y ago | The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gol… | |
| CVE-2017-6737 | unknown | — | 1.5 | 4y ago | The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE contains a vulnerability that could allow an authenticated, remote attacker to remotely execute code. | |
| CVE-2017-12237 | unknown | — | 1.5 | 4y ago | A vulnerability in the Internet Key Exchange Version 2 (IKEv2) module of Cisco IOS and Cisco IOS XE could allow an unauthenticated, remote attacker to cause high CPU utilization, traceback messages, … | |
| CVE-2017-6739 | unknown | — | 1.5 | 4y ago | The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE contains a vulnerability that could allow an authenticated, remote attacker to remotely execute code on an affected sys… | |
| CVE-2017-6663 | unknown | — | 1.5 | 4y ago | A vulnerability in the Autonomic Networking feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause autonomic nodes of an affected system to… | |
| CVE-2017-8540 | unknown | — | 1.5 | 4y ago | The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and… | |
| CVE-2017-12238 | unknown | — | 1.5 | 4y ago | A vulnerability in the Virtual Private LAN Service (VPLS) code of Cisco IOS for Cisco Catalyst 6800 Series Switches could allow an unauthenticated, adjacent attacker to cause a denial of service. | |
| CVE-2017-12319 | unknown | — | 1.5 | 4y ago | A vulnerability in the Border Gateway Protocol (BGP) over an Ethernet Virtual Private Network (EVPN) for Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to r… | |
| CVE-2017-6743 | unknown | — | 1.5 | 4y ago | The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE contains a vulnerability that could allow an authenticated, remote attacker to remotely execute code. | |
| CVE-2017-0222 | unknown | — | 1.5 | 4y ago | A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. | |
| CVE-2017-8570 | unknown | — | 1.5 | 4y ago | A remote code execution vulnerability exists in Microsoft Office software when it fails to properly handle objects in memory. | |
| CVE-2017-0144 | unknown | — | 1.5 | 4y ago | The SMBv1 server in multiple Microsoft Windows versions allows remote attackers to execute arbitrary code via crafted packets. | |
| CVE-2017-10271 | unknown | — | 1.5 | 4y ago | Oracle Corporation WebLogic Server contains a vulnerability that allows for remote code execution. | |
| CVE-2017-0145 | unknown | — | 1.5 | 4y ago | The SMBv1 server in multiple Microsoft Windows versions allows remote attackers to execute arbitrary code via crafted packets. | |
| CVE-2017-8464 | unknown | — | 1.5 | 4y ago | Windows Shell in multiple versions of Microsoft Windows allows local users or remote attackers to execute arbitrary code via a crafted .LNK file | |
| CVE-2017-0262 | unknown | — | 1.5 | 4y ago | A remote code execution vulnerability exists in Microsoft Office. | |
| CVE-2017-0263 | unknown | — | 1.5 | 4y ago | Microsoft Win32k contains a privilege escalation vulnerability due to the Windows kernel-mode driver failing to properly handle objects in memory. | |
| CVE-2017-5689 | unknown | — | 1.5 | 4y ago | Intel products contain a vulnerability which can allow attackers to perform privilege escalation. | |
| CVE-2017-12149 | unknown | — | 1.5 | 5y ago | The JBoss Application Server, shipped with Red Hat Enterprise Application Platform 5.2, allows an attacker to execute arbitrary code via crafted serialized data. | |
| CVE-2017-17562 | unknown | — | 1.5 | 5y ago | Embedthis GoAhead before 3.6.5 allows remote code execution if CGI is enabled and a CGI program is dynamically linked. | |
| CVE-2017-8759 | unknown | — | 1.5 | 5y ago | Microsoft .NET Framework contains a remote code execution vulnerability when processing untrusted input that could allow an attacker to take control of an affected system. | |
| CVE-2017-0143 | unknown | — | 1.5 | 5y ago | Microsoft Windows Server Message Block 1.0 (SMBv1) contains an unspecified vulnerability that allows for remote code execution. | |
| CVE-2017-11882 | unknown | — | 1.5 | 5y ago | Microsoft Office contains a memory corruption vulnerability that allows remote code execution in the context of the current user. | |
| CVE-2017-11774 | unknown | — | 1.5 | 5y ago | Microsoft Office Outlook contains a security feature bypass vulnerability due to improperly handling objects in memory. Successful exploitation allows an attacker to execute commands. | |
| CVE-2017-6327 | unknown | — | 1.5 | 5y ago | Symantec Messaging Gateway contains an unspecified vulnerability which can allow for remote code execution. With the ability to perform remote code execution, an attacker may also desire to perform p… | |
| CVE-2017-7269 | unknown | — | 1.5 | 5y ago | Microsoft Windows Server 2003 R2 contains a buffer overflow vulnerability in Internet Information Services (IIS) 6.0 which allows remote attackers to execute code via a long header beginning with "If… | |
| CVE-2017-0199 | unknown | — | 1.5 | 5y ago | Microsoft Office and WordPad contain an unspecified vulnerability due to the way the applications parse specially crafted files. Successful exploitation allows for remote code execution. | |
| CVE-2017-9248 | unknown | — | 1.5 | 5y ago | Progress Telerik UI for ASP.NET AJAX and Sitefinity have a cryptographic weakness in Telerik.Web.UI.dll that can be exploited to disclose encryption keys (Telerik.Web.UI.DialogParametersEncryptionKey… | |
| CVE-2017-1000486 | unknown | — | 1.5 | 5y ago | Primetek Primefaces is vulnerable to a weak encryption flaw resulting in remote code execution | |
| CVE-2017-5638 | unknown | — | 1.5 | 8y ago | Apache Struts Jakarta Multipart parser allows for malicious file upload using the Content-Type value, leading to remote code execution. | |
| CVE-2017-12615 | unknown | — | 1.5 | 8y ago | When running Apache Tomcat on Windows with HTTP PUTs enabled, it is possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it conta… | |
| CVE-2017-9805 | unknown | — | 1.5 | 8y ago | Apache Struts REST Plugin uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to remote code execution when deserializing XML payloads. | |
| CVE-2017-9822 | unknown | — | 1.5 | 8y ago | DotNetNuke (DNN) contains a vulnerability that may allow for remote code execution via cookie deserialization. | |
| CVE-2017-12186 | unknown | — | — | — | xorg-x11-server before 1.19.5 was missing length validation in X-Resource extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | |
| CVE-2017-15101 | unknown | — | — | — | A missing patch for a stack-based buffer overflow in findTable() was found in Red Hat version of liblouis before 2.5.4. An attacker could cause a denial of service condition or potentially even arbit… | |
| CVE-2017-18224 | unknown | — | — | — | In the Linux kernel before 4.15, fs/ocfs2/aops.c omits use of a semaphore and consequently has a race condition for access to the extent tree during read operations in DIRECT mode, which allows local… | |
| CVE-2017-2839 | unknown | — | — | — | ||
| CVE-2017-2493 | unknown | — | — | — | ||
| CVE-2017-12173 | unknown | — | — | — | It was found that sssd's sysdb_search_user_by_upn_res() function before 1.16.0 did not sanitize requests when querying its local cache and was vulnerable to injection. In a centralized login environm… | |
| CVE-2017-13305 | unknown | — | — | — | A information disclosure vulnerability in the Upstream kernel encrypted-keys. Product: Android. Versions: Android kernel. Android ID: A-70526974. | |
| CVE-2017-12148 | unknown | — | — | — | ||
| CVE-2017-2616 | unknown | — | — | — | A race condition was found in util-linux before 2.32.1 in the way su handled the management of child processes. A local authenticated attacker could use this flaw to kill other processes with root pr… | |
| CVE-2017-18232 | unknown | — | — | — | The Serial Attached SCSI (SAS) implementation in the Linux kernel through 4.15.9 mishandles a mutex within libsas, which allows local users to cause a denial of service (deadlock) by triggering certa… | |
| CVE-2017-12447 | unknown | — | — | — | GdkPixBuf (aka gdk-pixbuf), possibly 2.32.2, as used by GNOME Nautilus 3.14.3 on Ubuntu 16.04, allows attackers to cause a denial of service (stack corruption) or possibly have unspecified other impa… | |
| CVE-2017-1000422 | unknown | — | — | — | Gnome gdk-pixbuf 2.36.8 and older is vulnerable to several integer overflow in the gif_get_lzw function resulting in memory corruption and potential code execution | |
| CVE-2017-18229 | unknown | — | — | — | An issue was discovered in GraphicsMagick 1.3.26. An allocation failure vulnerability was found in the function ReadTIFFImage in coders/tiff.c, which allows attackers to cause a denial of service via… | |
| CVE-2017-15129 | unknown | — | — | — | A use-after-free vulnerability was found in network namespaces code affecting the Linux kernel before 4.14.11. The function get_net_ns_by_id() in net/core/net_namespace.c does not check for the net::… | |
| CVE-2017-3224 | unknown | — | — | — | Open Shortest Path First (OSPF) protocol implementations may improperly determine Link State Advertisement (LSA) recency for LSAs with MaxSequenceNumber. According to RFC 2328 section 13.1, for two i… | |
| CVE-2017-1000409 | unknown | — | — | — | A buffer overflow in glibc 2.5 (released on September 29, 2006) and can be triggered through the LD_LIBRARY_PATH environment variable. Please note that many versions of glibc are not vulnerable to th… | |
| CVE-2017-18249 | unknown | — | — | — | The add_free_nid function in fs/f2fs/node.c in the Linux kernel before 4.12 does not properly track an allocated nid, which allows local users to cause a denial of service (race condition) or possibl… | |
| CVE-2017-18509 | unknown | — | — | — | An issue was discovered in net/ipv6/ip6mr.c in the Linux kernel before 4.11. By setting a specific socket option, an attacker can control a pointer in kernel land and cause an inet_csk_listen_stop ge… | |
| CVE-2017-2924 | unknown | — | — | — | An exploitable heap-based buffer overflow vulnerability exists in the read_legacy_biff function of FreeXL 1.0.3. A specially crafted XLS file can cause a memory corruption resulting in remote code ex… | |
| CVE-2017-12109 | unknown | — | — | — | An exploitable integer overflow vulnerability exists in the xls_preparseWorkSheet function of libxls 1.4 when handling a MULRK record. A specially crafted XLS file can cause a memory corruption resul… |