CVEs from 2017
Total
11,606
critical
critical 1,650
high
high 5,044
medium
medium 4,169
low
low 159
% Critical
14.2%
% with KEV
0.7%
% with exploit
9.9%
Top vendors
Top products
- imagemagick 1,426
- joomla\! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-7810 | critical | — | 9.5 | — | Memory safety bugs were reported in Firefox 55 and Firefox ESR 52.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploit… | |||
| CVE-2017-7806 | critical | — | 9.5 | — | A use-after-free vulnerability can occur when the layer manager is freed too early when rendering specific SVG content, resulting in a potentially exploitable crash. This vulnerability affects Firefo… | |||
| CVE-2017-7805 | critical | — | 9.5 | — | During TLS 1.2 exchanges, handshake hashes are generated which point to a message buffer. This saved data is used for later messages but in some cases, the handshake transcript can exceed the space a… | |||
| CVE-2017-7803 | critical | — | 9.5 | — | When a page's content security policy (CSP) header contains a "sandbox" directive, other directives are ignored. This results in the incorrect enforcement of CSP. This vulnerability affects Thunderbi… | |||
| CVE-2017-15411 | critical | — | 9.5 | — | multiple issues in chromium | |||
| CVE-2017-15389 | critical | — | 9.5 | — | multiple issues in chromium | |||
| CVE-2017-7000 | critical | — | 9.5 | — | multiple issues in chromium | |||
| CVE-2017-7838 | critical | — | 9.5 | — | Punycode format text will be displayed for entire qualified international domain names in some instances when a sub-domain triggers the punycode display instead of the primary domain being displayed … | |||
| CVE-2017-7807 | critical | — | 9.5 | — | A mechanism that uses AppCache to hijack a URL in a domain using fallback by serving the files from a sub-path on the domain. This has been addressed by requiring fallback files be inside the manifes… | |||
| CVE-2017-7802 | critical | — | 9.5 | — | A use-after-free vulnerability can occur when manipulating the DOM during the resize event of an image element. If these elements have been freed due to a lack of strong references, a potentially exp… | |||
| CVE-2017-7800 | critical | — | 9.5 | — | A use-after-free vulnerability can occur in WebSockets when the object holding the connection is freed before the disconnection operation is finished. This results in an exploitable crash. This vulne… | |||
| CVE-2017-7762 | critical | — | 9.5 | — | When entered directly, Reader Mode did not strip the username and password section of URLs displayed in the addressbar. This can be used for spoofing the domain of the current page. This vulnerabilit… | |||
| CVE-2017-5464 | critical | — | 9.5 | — | During DOM manipulations of the accessibility tree through script, the DOM tree can become out of sync with the accessibility tree, leading to memory corruption and a potentially exploitable crash. T… | |||
| CVE-2017-5469 | critical | — | 9.5 | — | Fixed potential buffer overflows in generated Firefox code due to CVE-2016-6354 issue in Flex. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. | |||
| CVE-2017-7799 | critical | — | 9.5 | — | JavaScript in the "about:webrtc" page is not sanitized properly being assigned to "innerHTML". Data on this page is supplied by WebRTC usage and is not under third-party control, making this difficul… | |||
| CVE-2017-5456 | critical | — | 9.5 | — | A mechanism to bypass file system access protections in the sandbox using the file system request constructor through an IPC message. This allows for read and write access to the local file system. T… | |||
| CVE-2017-7794 | critical | — | 9.5 | — | On Linux systems, if the content process is compromised, the sandbox broker will allow files to be truncated even though the sandbox explicitly only has read access to the local file system and no wr… | |||
| CVE-2017-7757 | critical | — | 9.5 | — | A use-after-free vulnerability in IndexedDB when one of its objects is destroyed in memory while a method on it is still being executed. This results in a potentially exploitable crash. This vulnerab… | |||
| CVE-2017-7793 | critical | — | 9.5 | — | A use-after-free vulnerability can occur in the Fetch API when the worker or the associated window are freed when still in use, resulting in a potentially exploitable crash. This vulnerability affect… | |||
| CVE-2017-7792 | critical | — | 9.5 | — | A buffer overflow will occur when viewing a certificate in the certificate manager if the certificate has an extremely long object identifier (OID). This results in a potentially exploitable crash. T… | |||
| CVE-2017-7780 | critical | — | 9.5 | — | Memory safety bugs were reported in Firefox 54. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary c… | |||
| CVE-2017-5442 | critical | — | 9.5 | — | A use-after-free vulnerability during changes in style when manipulating DOM elements. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45… | |||
| CVE-2017-7791 | critical | — | 9.5 | — | On pages containing an iframe, the "data:" protocol can be used to create a modal alert that will render over arbitrary domains following page navigation, spoofing of the origin of the modal alert fr… | |||
| CVE-2017-7789 | critical | — | 9.5 | — | If a server sends two Strict-Transport-Security (STS) headers for a single connection, they will be rejected as invalid and HTTP Strict Transport Security (HSTS) will not be enabled for the connectio… | |||
| CVE-2017-7797 | critical | — | 9.5 | — | Response header name interning does not have same-origin protections and these headers are stored in a global registry. This allows stored header names to be available cross-origin. This vulnerabilit… | |||
| CVE-2017-7798 | critical | — | 9.5 | — | The Developer Tools feature suffers from a XUL injection vulnerability due to improper sanitization of the web page source code. In the worst case, this could allow arbitrary code execution when open… | |||
| CVE-2017-7808 | critical | — | 9.5 | — | A content security policy (CSP) "frame-ancestors" directive containing origins with paths allows for comparisons against those paths instead of the origin. This results in a cross-origin information … | |||
| CVE-2017-7809 | critical | — | 9.5 | — | A use-after-free vulnerability can occur when an editor DOM node is deleted prematurely during tree traversal while still bound to the document. This results in a potentially exploitable crash. This … | |||
| CVE-2017-7801 | critical | — | 9.5 | — | A use-after-free vulnerability can occur while re-computing layout for a "marquee" element during window resizing where the updated style object is freed while still in use. This results in a potenti… | |||
| CVE-2017-7828 | critical | — | 9.5 | — | A use-after-free vulnerability can occur when flushing and resizing layout because the "PressShell" object has been freed while still in use. This results in a potentially exploitable crash during th… | |||
| CVE-2017-7834 | critical | — | 9.5 | — | A "data:" URL loaded in a new tab did not inherit the Content Security Policy (CSP) of the original page, allowing for bypasses of the policy including the execution of JavaScript. In prior versions … | |||
| CVE-2017-7842 | critical | — | 9.5 | — | If a document's Referrer Policy attribute is set to "no-referrer" sometimes two network requests are made for "<link>" elements instead of one. One of these requests includes the referrer instead of … | |||
| CVE-2017-2885 | critical | — | 9.5 | — | An exploitable stack based buffer overflow vulnerability exists in the GNOME libsoup 2.58. A specially crafted HTTP request can cause a stack overflow resulting in remote code execution. An attacker … | |||
| CVE-2017-7758 | critical | — | 9.5 | — | An out-of-bounds read vulnerability with the Opus encoder when the number of channels in an audio stream changes while the encoder is in use. This vulnerability affects Firefox < 54, Firefox ESR < 52… | |||
| CVE-2017-5433 | critical | — | 9.5 | — | A use-after-free vulnerability in SMIL animation functions occurs when pointers to animation elements in an array are dropped from the animation controller while still in use. This results in a poten… | |||
| CVE-2017-7756 | critical | — | 9.5 | — | A use-after-free and use-after-scope vulnerability when logging errors from headers for XML HTTP Requests (XHR). This could result in a potentially exploitable crash. This vulnerability affects Firef… | |||
| CVE-2017-7754 | critical | — | 9.5 | — | An out-of-bounds read in WebGL with a maliciously crafted "ImageInfo" object during WebGL operations. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2. | |||
| CVE-2017-7753 | critical | — | 9.5 | — | An out-of-bounds read occurs when applying style rules to pseudo-elements, such as ::first-line, using cached style data. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefo… | |||
| CVE-2017-15388 | critical | — | 9.5 | — | multiple issues in chromium | |||
| CVE-2017-15390 | critical | — | 9.5 | — | multiple issues in chromium | |||
| CVE-2017-7752 | critical | — | 9.5 | — | A use-after-free vulnerability during specific user interactions with the input method editor (IME) in some languages due to how events are handled. This results in a potentially exploitable crash bu… | |||
| CVE-2017-7751 | critical | — | 9.5 | — | A use-after-free vulnerability with content viewer listeners that results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2. | |||
| CVE-2017-5125 | critical | — | 9.5 | — | multiple issues in chromium | |||
| CVE-2017-15394 | critical | — | 9.5 | — | multiple issues in chromium | |||
| CVE-2017-7750 | critical | — | 9.5 | — | A use-after-free vulnerability during video control operations when a "<track>" element holds a reference to an older window if that window has been replaced in the DOM. This results in a potentially… | |||
| CVE-2017-7749 | critical | — | 9.5 | — | A use-after-free vulnerability when using an incorrect URL during the reloading of a docshell. This results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < … | |||
| CVE-2017-5131 | critical | — | 9.5 | — | multiple issues in chromium | |||
| CVE-2017-5472 | critical | — | 9.5 | — | A use-after-free vulnerability with the frameloader during tree reconstruction while regenerating CSS layout when attempting to use a node in the tree that no longer exists. This results in a potenti… | |||
| CVE-2017-5446 | critical | — | 9.5 | — | An out-of-bounds read when an HTTP/2 connection to a servers sends "DATA" frames with incorrect data content. This leads to a potentially exploitable crash. This vulnerability affects Thunderbird < 5… | |||
| CVE-2017-5470 | critical | — | 9.5 | — | Memory safety bugs were reported in Firefox 53 and Firefox ESR 52.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploit… | |||
| CVE-2017-5468 | critical | — | 9.5 | — | An issue with incorrect ownership model of "privateBrowsing" information exposed through developer tools. This can result in a non-exploitable crash when manually triggered during debugging. This vul… | |||
| CVE-2017-5467 | critical | — | 9.5 | — | A potential memory corruption and crash when using Skia content when drawing content outside of the bounds of a clipping region. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and… | |||
| CVE-2017-5460 | critical | — | 9.5 | — | A use-after-free vulnerability in frame selection triggered by a combination of malicious script content and key presses by a user. This results in a potentially exploitable crash. This vulnerability… | |||
| CVE-2017-5455 | critical | — | 9.5 | — | The internal feed reader APIs that crossed the sandbox barrier allowed for a sandbox escape and escalation of privilege if combined with another vulnerability that resulted in remote code execution i… | |||
| CVE-2017-5451 | critical | — | 9.5 | — | A mechanism to spoof the addressbar through the user interaction on the addressbar and the "onblur" event. The event could be used by script to affect text display to make the loaded site appear to b… | |||
| CVE-2017-5454 | critical | — | 9.5 | — | A mechanism to bypass file system access protections in the sandbox to use the file picker to access different files than those selected in the file picker through the use of relative paths. This all… | |||
| CVE-2017-5449 | critical | — | 9.5 | — | A possibly exploitable crash triggered during layout and manipulation of bidirectional unicode text in concert with CSS animations. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, … | |||
| CVE-2017-5445 | critical | — | 9.5 | — | A vulnerability while parsing "application/http-index-format" format content where uninitialized values are used to create an array. This could allow the reading of uninitialized memory into the arra… | |||
| CVE-2017-7774 | critical | — | 9.5 | — | Out-of-bounds read in Graphite2 Library in Firefox before 54 in graphite2::Silf::readGraphite function. | |||
| CVE-2017-5443 | critical | — | 9.5 | — | An out-of-bounds write vulnerability while decoding improperly formed BinHex format archives. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. | |||
| CVE-2017-5440 | critical | — | 9.5 | — | A use-after-free vulnerability during XSLT processing due to a failure to propagate error conditions during matching while evaluating context, leading to objects being used when they no longer exist.… | |||
| CVE-2017-5439 | critical | — | 9.5 | — | A use-after-free vulnerability during XSLT processing due to poor handling of template parameters. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Fire… | |||
| CVE-2017-5436 | critical | — | 9.5 | — | An out-of-bounds write in the Graphite 2 library triggered with a maliciously crafted Graphite font. This results in a potentially exploitable crash. This issue was fixed in the Graphite 2 library as… | |||
| CVE-2017-5429 | critical | — | 9.5 | — | Memory safety bugs were reported in Firefox 52, Firefox ESR 45.8, Firefox ESR 52, and Thunderbird 52. Some of these bugs showed evidence of memory corruption and we presume that with enough effort th… | |||
| CVE-2017-5427 | critical | — | 9.5 | — | A non-existent chrome.manifest file will attempt to be loaded during startup from the primary installation directory. If a malicious user with local access puts chrome.manifest and other referenced f… | |||
| CVE-2017-5406 | critical | — | 9.5 | — | A segmentation fault can occur in the Skia graphics library during some canvas operations due to issues with mask/clip intersection and empty masks. This vulnerability affects Firefox < 52 and Thunde… | |||
| CVE-2017-5426 | critical | — | 9.5 | — | On Linux, if the secure computing mode BPF (seccomp-bpf) filter is running when the Gecko Media Plugin sandbox is started, the sandbox fails to be applied and items that would run within the sandbox … | |||
| CVE-2017-5422 | critical | — | 9.5 | — | If a malicious site uses the "view-source:" protocol in a series within a single hyperlink, it can trigger a non-exploitable browser crash when the hyperlink is selected. This was fixed by no longer … | |||
| CVE-2017-15410 | critical | — | 9.5 | — | multiple issues in chromium | |||
| CVE-2017-12376 | critical | — | 9.5 | — | ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or potentially execute ar… | |||
| CVE-2017-5407 | critical | — | 9.5 | — | Using SVG filters that don't use the fixed point math implementation on a target iframe, a malicious page can extract pixel values from a targeted user. This can be used to extract history informatio… | |||
| CVE-2017-5416 | critical | — | 9.5 | — | In certain circumstances a networking event listener can be prematurely released. This appears to result in a null dereference in practice. This vulnerability affects Firefox < 52 and Thunderbird < 5… | |||
| CVE-2017-5405 | critical | — | 9.5 | — | Certain response codes in FTP connections can result in the use of uninitialized values for ports in FTP operations. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and… | |||
| CVE-2017-5403 | critical | — | 9.5 | — | When adding a range to an object in the DOM, it is possible to use "addRange" to add the range to an incorrect root object. This triggers a use-after-free, resulting in a potentially exploitable cras… | |||
| CVE-2017-5401 | critical | — | 9.5 | — | A crash triggerable by web content in which an "ErrorResult" references unassigned memory due to a logic error. The resulting crash may be exploitable. This vulnerability affects Firefox < 52, Firefo… | |||
| CVE-2017-5400 | critical | — | 9.5 | — | JIT-spray targeting asm.js combined with a heap spray allows for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. This vulnerability affects Firefox < 52, Firefox … | |||
| CVE-2017-5128 | critical | — | 9.5 | — | multiple issues in chromium | |||
| CVE-2017-15416 | critical | — | 9.5 | — | multiple issues in chromium | |||
| CVE-2017-5399 | critical | — | 9.5 | — | Memory safety bugs were reported in Firefox 51. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary c… | |||
| CVE-2017-5398 | critical | — | 9.5 | — | Memory safety bugs were reported in Thunderbird 45.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbit… | |||
| CVE-2017-5396 | critical | — | 9.5 | — | A use-after-free vulnerability in the Media Decoder when working with media files when some events are fired after the media elements are freed from memory. This vulnerability affects Thunderbird < 4… | |||
| CVE-2017-5391 | critical | — | 9.5 | — | Special "about:" pages used by web content, such as RSS feeds, can load privileged "about:" pages in an iframe. If a content-injection bug were found in one of those pages this could allow for potent… | |||
| CVE-2017-5390 | critical | — | 9.5 | — | The JSON viewer in the Developer Tools uses insecure methods to create a communication channel for copying and viewing JSON or HTTP headers data, allowing for potential privilege escalation. This vul… | |||
| CVE-2017-5389 | critical | — | 9.5 | — | WebExtensions could use the "mozAddonManager" API by modifying the CSP headers on sites with the appropriate permissions and then using host requests to redirect script loads to a malicious site. Thi… | |||
| CVE-2017-5388 | critical | — | 9.5 | — | A STUN server in conjunction with a large number of "webkitRTCPeerConnection" objects can be used to send large STUN packets in a short period of time due to a lack of rate limiting being applied on … | |||
| CVE-2017-5387 | critical | — | 9.5 | — | The existence of a specifically requested local file can be found due to the double firing of the "onerror" when the "source" attribute on a "<track>" tag refers to a file that does not exist if the … | |||
| CVE-2017-5385 | critical | — | 9.5 | — | Data sent with in multipart channels, such as the multipart/x-mixed-replace MIME type, will ignore the referrer-policy response header, leading to potential information disclosure for sites using thi… | |||
| CVE-2017-5384 | critical | — | 9.5 | — | Proxy Auto-Config (PAC) files can specify a JavaScript function called for all URL requests with the full URL path which exposes more information than would be sent to the proxy itself in the case of… | |||
| CVE-2017-5379 | critical | — | 9.5 | — | Use-after-free vulnerability in Web Animations when interacting with cycle collection found through fuzzing. This vulnerability affects Firefox < 51. | |||
| CVE-2017-15387 | critical | — | 9.5 | — | multiple issues in chromium | |||
| CVE-2017-5378 | critical | — | 9.5 | — | Hashed codes of JavaScript objects are shared between pages. This allows for pointer leaks because an object's address can be discovered through hash codes, and also allows for data leakage of an obj… | |||
| CVE-2017-5126 | critical | — | 9.5 | — | multiple issues in chromium | |||
| CVE-2017-5376 | critical | — | 9.5 | — | Use-after-free while manipulating XSL in XSLT documents. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51. | |||
| CVE-2017-7837 | critical | — | 9.5 | — | SVG loaded through "<img>" tags can use "<meta>" tags within the SVG data to set cookies for that page. This vulnerability affects Firefox < 57. | |||
| CVE-2017-7835 | critical | — | 9.5 | — | Mixed content blocking of insecure (HTTP) sub-resources in a secure (HTTPS) document was not correctly applied for resources that redirect from HTTPS to HTTP, allowing content that should be blocked,… | |||
| CVE-2017-7827 | critical | — | 9.5 | — | Memory safety bugs were reported in Firefox 56. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary c… | |||
| CVE-2017-7818 | critical | — | 9.5 | — | A use-after-free vulnerability can occur when manipulating arrays of Accessible Rich Internet Applications (ARIA) elements within containers through the DOM. This results in a potentially exploitable… | |||
| CVE-2017-5471 | critical | — | 9.5 | — | Memory safety bugs were reported in Firefox 53. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary c… | |||
| CVE-2017-12379 | critical | — | 9.5 | — | ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or potentially execute ar… | |||
| CVE-2017-5434 | critical | — | 9.5 | — | A use-after-free vulnerability occurs when redirecting focus handling which results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR … |