Search
On this page ▾

KEV 2017

86 CISA Known Exploited Vulnerabilities from 2017

Critical 23

March 2026

CVE-2017-7921

Hikvision Multiple Products — Hikvision Multiple Products Improper Authentication Vulnerability

CVSS 9.8

October 2025

CVE-2017-1000353

Jenkins Jenkins — Jenkins Remote Code Execution Vulnerability

CVSS 9.8

February 2025

CVE-2017-3066

Adobe ColdFusion — Adobe ColdFusion Deserialization Vulnerability

CVSS 9.8

August 2023

CVE-2017-18368

Zyxel P660HN-T1A Routers — Zyxel P660HN-T1A Routers Command Injection Vulnerability

CVSS 9.8

March 2023

CVE-2017-7494

Samba Samba — Samba Remote Code Execution Vulnerability

CVSS 9.8

January 2023

CVE-2017-11357

Telerik User Interface (UI) for ASP.NET AJAX — Telerik UI for ASP.NET AJAX Insecure Direct Object Reference Vulnerability

CVSS 9.8

August 2022

CVE-2017-15944

Palo Alto Networks PAN-OS — Palo Alto Networks PAN-OS Remote Code Execution Vulnerability

CVSS 9.8

June 2022

CVE-2017-6862

NETGEAR Multiple Devices — NETGEAR Multiple Devices Buffer Overflow Vulnerability

CVSS 9.8

May 2022

CVE-2017-18362

Kaseya Virtual System/Server Administrator (VSA) — Kaseya VSA SQL Injection Vulnerability

CVSS 9.8
CVE-2017-8543

Microsoft Windows — Microsoft Windows Search Remote Code Execution Vulnerability

CVSS 9.8

April 2022

CVE-2017-11317

Telerik User Interface (UI) for ASP.NET AJAX — Telerik UI for ASP.NET AJAX Unrestricted File Upload Vulnerability

CVSS 9.8

March 2022

CVE-2017-3881

Cisco IOS and IOS XE — Cisco IOS and IOS XE Remote Code Execution Vulnerability

CVSS 9.8
CVE-2017-6316

Citrix NetScaler SD-WAN Enterprise, CloudBridge Virtual WAN, and XenMobile Server — Citrix Multiple Products Remote Code Execution Vulnerability

CVSS 9.8
CVE-2017-6077

NETGEAR Wireless Router DGN2200 — NETGEAR DGN2200 Remote Code Execution Vulnerability

CVSS 9.8
CVE-2017-12240

Cisco IOS and IOS XE Software — Cisco IOS and IOS XE Software DHCP Remote Code Execution Vulnerability

CVSS 9.8

February 2022

CVE-2017-9841

PHPUnit PHPUnit — PHPUnit Command Injection Vulnerability

CVSS 9.8
CVE-2017-9791

Apache Struts 1 — Apache Struts 1 Improper Input Validation Vulnerability

CVSS 9.8

January 2022

CVE-2017-5689

Intel Active Management Technology (AMT), Small Business Technology (SBT), and Standard Manageability — Intel Active Management Technology (AMT), Small Business Technology (SBT), and Standard Manageability Privilege Escalation Vulnerability

CVSS 9.8
CVE-2017-1000486

Primetek Primefaces Application — Primetek Primefaces Remote Code Execution Vulnerability

CVSS 9.8

December 2021

CVE-2017-12149

Red Hat JBoss Application Server — Red Hat JBoss Application Server Remote Code Execution Vulnerability

CVSS 9.8

November 2021

CVE-2017-5638

Apache Struts — Apache Struts Remote Code Execution Vulnerability

CVSS 9.8
CVE-2017-7269

Microsoft Internet Information Services (IIS) — Microsoft Windows Server Buffer Overflow Vulnerability

CVSS 9.8
CVE-2017-9248

Progress ASP.NET AJAX and Sitefinity — Progress Telerik UI for ASP.NET AJAX and Sitefinity Cryptographic Weakness Vulnerability

CVSS 9.8

High 57

March 2025

CVE-2017-12637

SAP NetWeaver — SAP NetWeaver Directory Traversal Vulnerability

CVSS 7.5

September 2024

CVE-2017-1000253

Linux Kernel — Linux Kernel PIE Stack Buffer Corruption Vulnerability

CVSS 7.8

June 2024

CVE-2017-3506

Oracle WebLogic Server — Oracle WebLogic Server OS Command Injection Vulnerability

CVSS 7.4

September 2023

CVE-2017-6884

Zyxel EMG2926 Routers — Zyxel EMG2926 Routers Command Injection Vulnerability

CVSS 8.8

April 2023

CVE-2017-6742

Cisco IOS and IOS XE Software — Cisco IOS and IOS XE Software SNMP Remote Code Execution Vulnerability

CVSS 8.8

September 2022

CVE-2017-5521

NETGEAR Multiple Devices — NETGEAR Multiple Devices Exposure of Sensitive Information Vulnerability

CVSS 8.1

June 2022

CVE-2017-5030

Google Chromium V8 — Google Chromium V8 Memory Corruption Vulnerability

CVSS 8.8
CVE-2017-5070

Google Chromium V8 — Google Chromium V8 Type Confusion Vulnerability

CVSS 8.8

May 2022

CVE-2017-0149

Microsoft Internet Explorer — Microsoft Internet Explorer Memory Corruption Vulnerability

CVSS 8.8
CVE-2017-0210

Microsoft Internet Explorer — Microsoft Internet Explorer Privilege Escalation Vulnerability

CVSS 8.8
CVE-2017-0005

Microsoft Windows — Microsoft Windows Graphics Device Interface (GDI) Privilege Escalation Vulnerability

CVSS 7.8
CVE-2017-8291

Artifex Ghostscript — Artifex Ghostscript Type Confusion Vulnerability

CVSS 7.8
CVE-2017-0147

Microsoft SMBv1 server — Microsoft Windows SMBv1 Information Disclosure Vulnerability

CVSS 7.5

April 2022

CVE-2017-0148

Microsoft SMBv1 server — Microsoft SMBv1 Server Remote Code Execution Vulnerability

CVSS 8.1

March 2022

CVE-2017-0146

Microsoft Windows — Microsoft Windows SMB Remote Code Execution Vulnerability

CVSS 8.8
CVE-2017-6334

NETGEAR DGN2200 Devices — NETGEAR DGN2200 Devices OS Command Injection Vulnerability

CVSS 8.8
CVE-2017-11292

Adobe Flash Player — Adobe Flash Player Type Confusion Vulnerability

CVSS 8.8
CVE-2017-6736

Cisco IOS and IOS XE Software — Cisco IOS and IOS XE Software SNMP Remote Code Execution Vulnerability

CVSS 8.8
CVE-2017-6737

Cisco IOS and IOS XE Software — Cisco IOS and IOS XE Software SNMP Remote Code Execution Vulnerability

CVSS 8.8
CVE-2017-6738

Cisco IOS and IOS XE Software — Cisco IOS and IOS XE Software SNMP Remote Code Execution Vulnerability

CVSS 8.8
CVE-2017-6739

Cisco IOS and IOS XE Software — Cisco IOS and IOS XE Software SNMP Remote Code Execution Vulnerability

CVSS 8.8
CVE-2017-6740

Cisco IOS and IOS XE Software — Cisco IOS and IOS XE Software SNMP Remote Code Execution Vulnerability

CVSS 8.8
CVE-2017-6743

Cisco IOS and IOS XE Software — Cisco IOS and IOS XE Software SNMP Remote Code Execution Vulnerability

CVSS 8.8
CVE-2017-6744

Cisco IOS software — Cisco IOS Software SNMP Remote Code Execution Vulnerability

CVSS 8.8
CVE-2017-0037

Microsoft Edge and Internet Explorer — Microsoft Edge and Internet Explorer Type Confusion Vulnerability

CVSS 8.1
CVE-2017-12615

Apache Tomcat — Apache Tomcat on Windows Remote Code Execution Vulnerability

CVSS 8.1
CVE-2017-12617

Apache Tomcat — Apache Tomcat Remote Code Execution Vulnerability

CVSS 8.1
CVE-2017-0101

Microsoft Windows — Microsoft Windows Transaction Manager Privilege Escalation Vulnerability

CVSS 7.8
CVE-2017-0001

Microsoft Graphics Device Interface (GDI) — Microsoft Graphics Device Interface (GDI) Privilege Escalation Vulnerability

CVSS 7.8
CVE-2017-0261

Microsoft Office — Microsoft Office Use-After-Free Vulnerability

CVSS 7.8
CVE-2017-11826

Microsoft Office — Microsoft Office Remote Code Execution Vulnerability

CVSS 7.8
CVE-2017-8540

Microsoft Malware Protection Engine — Microsoft Malware Protection Engine Improper Restriction of Operations Vulnerability

CVSS 7.8
CVE-2017-12231

Cisco IOS software — Cisco IOS Software Network Address Translation Denial-of-Service Vulnerability

CVSS 7.5
CVE-2017-12233

Cisco IOS software — Cisco IOS Software Common Industrial Protocol Request Denial-of-Service Vulnerability

CVSS 7.5
CVE-2017-12234

Cisco IOS software — Cisco IOS Software Common Industrial Protocol Request Denial-of-Service Vulnerability

CVSS 7.5
CVE-2017-12235

Cisco IOS software — Cisco IOS Software for Cisco Industrial Ethernet Switches PROFINET Denial-of-Service Vulnerability

CVSS 7.5
CVE-2017-12237

Cisco IOS and IOS XE Software — Cisco IOS and IOS XE Software Internet Key Exchange Denial-of-Service Vulnerability

CVSS 7.5
CVE-2017-6627

Cisco IOS and IOS XE Software — Cisco IOS Software and Cisco IOS XE Software UDP Packet Processing Denial-of-Service Vulnerability

CVSS 7.5
CVE-2017-0213

Microsoft Windows — Microsoft Windows Privilege Escalation Vulnerability

CVSS 7.3

February 2022

CVE-2017-0222

Microsoft Internet Explorer — Microsoft Internet Explorer Remote Code Execution Vulnerability

CVSS 8.8
CVE-2017-0144

Microsoft SMBv1 'EternalBlue' — NSA-Developed SMBv1 Buffer Overflow Used in WannaCry and NotPetya

CVSS 8.8
CVE-2017-0145

Microsoft SMBv1 — Microsoft SMBv1 Remote Code Execution Vulnerability

CVSS 8.8
CVE-2017-8464

Microsoft Windows — Microsoft Windows Shell (.lnk) Remote Code Execution Vulnerability

CVSS 8.8
CVE-2017-8570

Microsoft Office — Microsoft Office Remote Code Execution Vulnerability

CVSS 7.8
CVE-2017-0262

Microsoft Office — Microsoft Office Remote Code Execution Vulnerability

CVSS 7.8
CVE-2017-0263

Microsoft Win32k — Microsoft Win32k Privilege Escalation Vulnerability

CVSS 7.8
CVE-2017-10271

Oracle WebLogic Server — Oracle Corporation WebLogic Server Remote Code Execution Vulnerability

CVSS 7.5

December 2021

CVE-2017-17562

Embedthis GoAhead — Embedthis GoAhead Remote Code Execution Vulnerability

CVSS 8.1

November 2021

CVE-2017-0143

Microsoft Windows — Microsoft Windows Server Message Block (SMBv1) Remote Code Execution Vulnerability

CVSS 8.8
CVE-2017-6327

Symantec Symantec Messaging Gateway — Symantec Messaging Gateway Remote Code Execution Vulnerability

CVSS 8.8
CVE-2017-9822

DotNetNuke (DNN) DotNetNuke (DNN) — DotNetNuke (DNN) Remote Code Execution Vulnerability

CVSS 8.8
CVE-2017-9805

Apache Struts — Apache Struts Deserialization of Untrusted Data Vulnerability

CVSS 8.1
CVE-2017-0199

Microsoft Office and WordPad — Microsoft Office and WordPad Remote Code Execution Vulnerability

CVSS 7.8
CVE-2017-11774

Microsoft Office — Microsoft Office Outlook Security Feature Bypass Vulnerability

CVSS 7.8
CVE-2017-11882

Microsoft Office — Microsoft Office Memory Corruption Vulnerability

CVSS 7.8
CVE-2017-16651

Roundcube Roundcube Webmail — Roundcube Webmail File Disclosure Vulnerability

CVSS 7.8
CVE-2017-8759

Microsoft .NET Framework — Microsoft .NET Framework Remote Code Execution Vulnerability

CVSS 7.8

Medium 6

May 2022

CVE-2017-0022

Microsoft XML Core Services — Microsoft XML Core Services Information Disclosure Vulnerability

CVSS 6.5

March 2022

CVE-2017-12232

Cisco IOS software — Cisco IOS Software for Cisco Integrated Services Routers Denial-of-Service Vulnerability

CVSS 6.5
CVE-2017-12238

Cisco Catalyst 6800 Series Switches — Cisco Catalyst 6800 Series Switches VPLS Denial-of-Service Vulnerability

CVSS 6.5
CVE-2017-6663

Cisco IOS and IOS XE Software — Cisco IOS Software and Cisco IOS XE Software Denial-of-Service Vulnerability

CVSS 6.5
CVE-2017-12319

Cisco IOS XE Software — Cisco IOS XE Software Ethernet Virtual Private Network Border Gateway Protocol Denial-of-Service Vulnerability

CVSS 5.9
CVE-2017-0059

Microsoft Internet Explorer — Microsoft Internet Explorer Information Disclosure Vulnerability

CVSS 4.3
Gavin Hollinger & AI assembled this air-gap friendly HTML