CVEs from 2017
Total
11,608
critical
critical 1,650
high
high 5,044
medium
medium 4,169
low
low 159
% Critical
14.2%
% with KEV
0.7%
% with exploit
9.9%
Top vendors
Top products
- imagemagick 1,426
- joomla\! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-2885 | critical | — | 9.5 | — | An exploitable stack based buffer overflow vulnerability exists in the GNOME libsoup 2.58. A specially crafted HTTP request can cause a stack overflow resulting in remote code execution. An attacker … | |||
| CVE-2017-7827 | critical | — | 9.5 | — | Memory safety bugs were reported in Firefox 56. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary c… | |||
| CVE-2017-5413 | critical | — | 9.5 | — | A segmentation fault can occur during some bidirectional layout operations. This vulnerability affects Firefox < 52 and Thunderbird < 52. | |||
| CVE-2017-7756 | critical | — | 9.5 | — | A use-after-free and use-after-scope vulnerability when logging errors from headers for XML HTTP Requests (XHR). This could result in a potentially exploitable crash. This vulnerability affects Firef… | |||
| CVE-2017-15422 | critical | — | 9.5 | — | multiple issues in chromium | |||
| CVE-2017-7824 | critical | — | 9.5 | — | A buffer overflow occurs when drawing and validating elements with the ANGLE graphics library, used for WebGL content. This is due to an incorrect value being passed within the library during checks … | |||
| CVE-2017-7802 | critical | — | 9.5 | — | A use-after-free vulnerability can occur when manipulating the DOM during the resize event of an image element. If these elements have been freed due to a lack of strong references, a potentially exp… | |||
| CVE-2017-5388 | critical | — | 9.5 | — | A STUN server in conjunction with a large number of "webkitRTCPeerConnection" objects can be used to send large STUN packets in a short period of time due to a lack of rate limiting being applied on … | |||
| CVE-2017-5386 | critical | — | 9.5 | — | WebExtension scripts can use the "data:" protocol to affect pages loaded by other web extensions using this protocol, leading to potential data disclosure or privilege escalation in affected extensio… | |||
| CVE-2017-7771 | critical | — | 9.5 | — | Out-of-bounds read in Graphite2 Library in Firefox before 54 in graphite2::Pass::readPass function. | |||
| CVE-2017-7826 | critical | — | 9.5 | — | Memory safety bugs were reported in Firefox 56 and Firefox ESR 52.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploit… | |||
| CVE-2017-7779 | critical | — | 9.5 | — | Memory safety bugs were reported in Firefox 54, Firefox ESR 52.2, and Thunderbird 52.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of the… | |||
| CVE-2017-7757 | critical | — | 9.5 | — | A use-after-free vulnerability in IndexedDB when one of its objects is destroyed in memory while a method on it is still being executed. This results in a potentially exploitable crash. This vulnerab… | |||
| CVE-2017-5422 | critical | — | 9.5 | — | If a malicious site uses the "view-source:" protocol in a series within a single hyperlink, it can trigger a non-exploitable browser crash when the hyperlink is selected. This was fixed by no longer … | |||
| CVE-2017-5132 | critical | — | 9.5 | — | multiple issues in chromium | |||
| CVE-2017-12376 | critical | — | 9.5 | — | ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or potentially execute ar… | |||
| CVE-2017-12379 | critical | — | 9.5 | — | ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or potentially execute ar… | |||
| CVE-2017-7772 | critical | — | 9.5 | — | Heap-based Buffer Overflow in Graphite2 library in Firefox before 54 in lz4::decompress function. | |||
| CVE-2017-15415 | critical | — | 9.5 | — | multiple issues in chromium | |||
| CVE-2017-5440 | critical | — | 9.5 | — | A use-after-free vulnerability during XSLT processing due to a failure to propagate error conditions during matching while evaluating context, leading to objects being used when they no longer exist.… | |||
| CVE-2017-7823 | critical | — | 9.5 | — | The content security policy (CSP) "sandbox" directive did not create a unique origin for the document, causing it to behave as if the "allow-same-origin" keyword were always specified. This could all… | |||
| CVE-2017-5131 | critical | — | 9.5 | — | multiple issues in chromium | |||
| CVE-2017-7789 | critical | — | 9.5 | — | If a server sends two Strict-Transport-Security (STS) headers for a single connection, they will be rejected as invalid and HTTP Strict Transport Security (HSTS) will not be enabled for the connectio… | |||
| CVE-2017-5417 | critical | — | 9.5 | — | When dragging content from the primary browser pane to the addressbar on a malicious site, it is possible to change the addressbar so that the displayed location following navigation does not match t… | |||
| CVE-2017-7784 | critical | — | 9.5 | — | A use-after-free vulnerability can occur when reading an image observer during frame reconstruction after the observer has been freed. This results in a potentially exploitable crash. This vulnerabil… | |||
| CVE-2017-5127 | critical | — | 9.5 | — | multiple issues in chromium | |||
| CVE-2017-7819 | critical | — | 9.5 | — | A use-after-free vulnerability can occur in design mode when image objects are resized if objects referenced during the resizing have been freed from memory. This results in a potentially exploitable… | |||
| CVE-2017-5382 | critical | — | 9.5 | — | Feed preview for RSS feeds can be used to capture errors and exceptions generated by privileged content, allowing for the exposure of internal information not meant to be seen by web content. This vu… | |||
| CVE-2017-5379 | critical | — | 9.5 | — | Use-after-free vulnerability in Web Animations when interacting with cycle collection found through fuzzing. This vulnerability affects Firefox < 51. | |||
| CVE-2017-5385 | critical | — | 9.5 | — | Data sent with in multipart channels, such as the multipart/x-mixed-replace MIME type, will ignore the referrer-policy response header, leading to potential information disclosure for sites using thi… | |||
| CVE-2017-5419 | critical | — | 9.5 | — | If a malicious site repeatedly triggers a modal authentication prompt, eventually the browser UI will become non-responsive, requiring shutdown through the operating system. This is a denial of servi… | |||
| CVE-2017-5408 | critical | — | 9.5 | — | Video files loaded video captions cross-origin without checking for the presence of CORS headers permitting such cross-origin use, leading to potential information disclosure for video captions. This… | |||
| CVE-2017-5441 | critical | — | 9.5 | — | A use-after-free vulnerability when holding a selection during scroll events. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firef… | |||
| CVE-2017-7800 | critical | — | 9.5 | — | A use-after-free vulnerability can occur in WebSockets when the object holding the connection is freed before the disconnection operation is finished. This results in an exploitable crash. This vulne… | |||
| CVE-2017-7834 | critical | — | 9.5 | — | A "data:" URL loaded in a new tab did not inherit the Content Security Policy (CSP) of the original page, allowing for bypasses of the policy including the execution of JavaScript. In prior versions … | |||
| CVE-2017-15386 | critical | — | 9.5 | — | multiple issues in chromium | |||
| CVE-2017-5433 | critical | — | 9.5 | — | A use-after-free vulnerability in SMIL animation functions occurs when pointers to animation elements in an array are dropped from the animation controller while still in use. This results in a poten… | |||
| CVE-2017-7842 | critical | — | 9.5 | — | If a document's Referrer Policy attribute is set to "no-referrer" sometimes two network requests are made for "<link>" elements instead of one. One of these requests includes the referrer instead of … | |||
| CVE-2017-7798 | critical | — | 9.5 | — | The Developer Tools feature suffers from a XUL injection vulnerability due to improper sanitization of the web page source code. In the worst case, this could allow arbitrary code execution when open… | |||
| CVE-2017-7833 | critical | — | 9.5 | — | Some Arabic and Indic vowel marker characters can be combined with Latin characters in a domain name to eclipse the non-Latin character with some font sets on the addressbar. The non-Latin character … | |||
| CVE-2017-7840 | critical | — | 9.5 | — | JavaScript can be injected into an exported bookmarks file by placing JavaScript code into user-supplied tags in saved bookmarks. If the resulting exported HTML file is later opened in a browser this… | |||
| CVE-2017-7830 | critical | — | 9.5 | — | The Resource Timing API incorrectly revealed navigations in cross-origin iframes. This is a same-origin policy violation and could allow for data theft of URLs loaded by users. This vulnerability aff… | |||
| CVE-2017-15388 | critical | — | 9.5 | — | multiple issues in chromium | |||
| CVE-2017-5380 | critical | — | 9.5 | — | A potential use-after-free found through fuzzing during DOM manipulation of SVG content. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51. | |||
| CVE-2017-15389 | critical | — | 9.5 | — | multiple issues in chromium | |||
| CVE-2017-7785 | critical | — | 9.5 | — | A buffer overflow can occur when manipulating Accessible Rich Internet Applications (ARIA) attributes within the DOM. This results in a potentially exploitable crash. This vulnerability affects Thund… | |||
| CVE-2017-5406 | critical | — | 9.5 | — | A segmentation fault can occur in the Skia graphics library during some canvas operations due to issues with mask/clip intersection and empty masks. This vulnerability affects Firefox < 52 and Thunde… | |||
| CVE-2017-5377 | critical | — | 9.5 | — | A memory corruption vulnerability in Skia that can occur when using transforms to make gradients, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 51. | |||
| CVE-2017-5421 | critical | — | 9.5 | — | A malicious site could spoof the contents of the print preview window if popup windows are enabled, resulting in user confusion of what site is currently loaded. This vulnerability affects Firefox < … | |||
| CVE-2017-5472 | critical | — | 9.5 | — | A use-after-free vulnerability with the frameloader during tree reconstruction while regenerating CSS layout when attempting to use a node in the tree that no longer exists. This results in a potenti… | |||
| CVE-2017-15393 | critical | — | 9.5 | — | multiple issues in chromium | |||
| CVE-2017-15410 | critical | — | 9.5 | — | multiple issues in chromium | |||
| CVE-2017-5458 | critical | — | 9.5 | — | When a "javascript:" URL is drag and dropped by a user into the addressbar, the URL will be processed and executed. This allows for users to be socially engineered to execute an XSS attack on themsel… | |||
| CVE-2017-5393 | critical | — | 9.5 | — | The "mozAddonManager" allows for the installation of extensions from the CDN for addons.mozilla.org, a publicly accessible site. This could allow malicious extensions to install additional extensions… | |||
| CVE-2017-12378 | critical | — | 9.5 | — | ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. Th… | |||
| CVE-2017-7758 | critical | — | 9.5 | — | An out-of-bounds read vulnerability with the Opus encoder when the number of channels in an audio stream changes while the encoder is in use. This vulnerability affects Firefox < 54, Firefox ESR < 52… | |||
| CVE-2017-7781 | critical | — | 9.5 | — | An error occurs in the elliptic curve point addition algorithm that uses mixed Jacobian-affine coordinates where it can yield a result "POINT_AT_INFINITY" when it should not. A man-in-the-middle atta… | |||
| CVE-2017-5383 | critical | — | 9.5 | — | URLs containing certain unicode glyphs for alternative hyphens and quotes do not properly trigger punycode display, allowing for domain name spoofing attacks in the location bar. This vulnerability a… | |||
| CVE-2017-5439 | critical | — | 9.5 | — | A use-after-free vulnerability during XSLT processing due to poor handling of template parameters. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Fire… | |||
| CVE-2017-5449 | critical | — | 9.5 | — | A possibly exploitable crash triggered during layout and manipulation of bidirectional unicode text in concert with CSS animations. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, … | |||
| CVE-2017-7792 | critical | — | 9.5 | — | A buffer overflow will occur when viewing a certificate in the certificate manager if the certificate has an extremely long object identifier (OID). This results in a potentially exploitable crash. T… | |||
| CVE-2017-5400 | critical | — | 9.5 | — | JIT-spray targeting asm.js combined with a heap spray allows for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. This vulnerability affects Firefox < 52, Firefox … | |||
| CVE-2017-5455 | critical | — | 9.5 | — | The internal feed reader APIs that crossed the sandbox barrier allowed for a sandbox escape and escalation of privilege if combined with another vulnerability that resulted in remote code execution i… | |||
| CVE-2017-7753 | critical | — | 9.5 | — | An out-of-bounds read occurs when applying style rules to pseudo-elements, such as ::first-line, using cached style data. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefo… | |||
| CVE-2017-7808 | critical | — | 9.5 | — | A content security policy (CSP) "frame-ancestors" directive containing origins with paths allows for comparisons against those paths instead of the origin. This results in a cross-origin information … | |||
| CVE-2017-7807 | critical | — | 9.5 | — | A mechanism that uses AppCache to hijack a URL in a domain using fallback by serving the files from a sub-path on the domain. This has been addressed by requiring fallback files be inside the manifes… | |||
| CVE-2017-5436 | critical | — | 9.5 | — | An out-of-bounds write in the Graphite 2 library triggered with a maliciously crafted Graphite font. This results in a potentially exploitable crash. This issue was fixed in the Graphite 2 library as… | |||
| CVE-2017-5376 | critical | — | 9.5 | — | Use-after-free while manipulating XSL in XSLT documents. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51. | |||
| CVE-2017-5378 | critical | — | 9.5 | — | Hashed codes of JavaScript objects are shared between pages. This allows for pointer leaks because an object's address can be discovered through hash codes, and also allows for data leakage of an obj… | |||
| CVE-2017-5467 | critical | — | 9.5 | — | A potential memory corruption and crash when using Skia content when drawing content outside of the bounds of a clipping region. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and… | |||
| CVE-2017-15399 | critical | — | 9.5 | — | arbitrary code execution in chromium | |||
| CVE-2017-5454 | critical | — | 9.5 | — | A mechanism to bypass file system access protections in the sandbox to use the file picker to access different files than those selected in the file picker through the use of relative paths. This all… | |||
| CVE-2017-7787 | critical | — | 9.5 | — | Same-origin policy protections can be bypassed on pages with embedded iframes during page reloads, allowing the iframes to access content on the top level page, leading to information disclosure. Thi… | |||
| CVE-2017-5390 | critical | — | 9.5 | — | The JSON viewer in the Developer Tools uses insecure methods to create a communication channel for copying and viewing JSON or HTTP headers data, allowing for potential privilege escalation. This vul… | |||
| CVE-2017-7777 | critical | — | 9.5 | — | Use of uninitialized memory in Graphite2 library in Firefox before 54 in graphite2::GlyphCache::Loader::read_glyph function. | |||
| CVE-2017-7778 | critical | — | 9.5 | — | A number of security vulnerabilities in the Graphite 2 library including out-of-bounds reads, buffer overflow reads and writes, and the use of uninitialized memory. These issues were addressed in Gra… | |||
| CVE-2017-15417 | critical | — | 9.5 | — | multiple issues in chromium | |||
| CVE-2017-5384 | critical | — | 9.5 | — | Proxy Auto-Config (PAC) files can specify a JavaScript function called for all URL requests with the full URL path which exposes more information than would be sent to the proxy itself in the case of… | |||
| CVE-2017-5405 | critical | — | 9.5 | — | Certain response codes in FTP connections can result in the use of uninitialized values for ports in FTP operations. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and… | |||
| CVE-2017-5418 | critical | — | 9.5 | — | An out of bounds read error occurs when parsing some HTTP digest authorization responses, resulting in information leakage through the reading of random memory containing matches to specifically set … | |||
| CVE-2017-10140 | critical | — | 9.5 | — | Postfix before 2.11.10, 3.0.x before 3.0.10, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 might allow local users to gain privileges by leveraging undocumented functionality in Berkeley DB 2.x and late… | |||
| CVE-2017-5401 | critical | — | 9.5 | — | A crash triggerable by web content in which an "ErrorResult" references unassigned memory due to a logic error. The resulting crash may be exploitable. This vulnerability affects Firefox < 52, Firefo… | |||
| CVE-2017-5402 | critical | — | 9.5 | — | A use-after-free can occur when events are fired for a "FontFace" object after the object has been already been destroyed while working with fonts. This results in a potentially exploitable crash. Th… | |||
| CVE-2017-15392 | critical | — | 9.5 | — | multiple issues in chromium | |||
| CVE-2017-5133 | critical | — | 9.5 | — | multiple issues in chromium | |||
| CVE-2017-7794 | critical | — | 9.5 | — | On Linux systems, if the content process is compromised, the sandbox broker will allow files to be truncated even though the sandbox explicitly only has read access to the local file system and no wr… | |||
| CVE-2017-12374 | critical | — | 9.5 | — | The ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device… | |||
| CVE-2017-5468 | critical | — | 9.5 | — | An issue with incorrect ownership model of "privateBrowsing" information exposed through developer tools. This can result in a non-exploitable crash when manually triggered during debugging. This vul… | |||
| CVE-2017-5469 | critical | — | 9.5 | — | Fixed potential buffer overflows in generated Firefox code due to CVE-2016-6354 issue in Flex. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. | |||
| CVE-2017-15424 | critical | — | 9.5 | — | multiple issues in chromium | |||
| CVE-2017-5407 | critical | — | 9.5 | — | Using SVG filters that don't use the fixed point math implementation on a target iframe, a malicious page can extract pixel values from a targeted user. This can be used to extract history informatio… | |||
| CVE-2017-7749 | critical | — | 9.5 | — | A use-after-free vulnerability when using an incorrect URL during the reloading of a docshell. This results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < … | |||
| CVE-2017-15391 | critical | — | 9.5 | — | multiple issues in chromium | |||
| CVE-2017-5410 | critical | — | 9.5 | — | Memory corruption resulting in a potentially exploitable crash during garbage collection of JavaScript due errors in how incremental sweeping is managed for memory cleanup. This vulnerability affects… | |||
| CVE-2017-7788 | critical | — | 9.5 | — | When an "iframe" has a "sandbox" attribute and its content is specified using "srcdoc", that content does not inherit the containing page's Content Security Policy (CSP) as it should unless the sandb… | |||
| CVE-2017-5387 | critical | — | 9.5 | — | The existence of a specifically requested local file can be found due to the double firing of the "onerror" when the "source" attribute on a "<track>" tag refers to a file that does not exist if the … | |||
| CVE-2017-7773 | critical | — | 9.5 | — | Heap-based Buffer Overflow write in Graphite2 library in Firefox before 54 in lz4::decompress src/Decompressor. | |||
| CVE-2017-5381 | critical | — | 9.5 | — | The "export" function in the Certificate Viewer can force local filesystem navigation when the "common name" in a certificate contains slashes, allowing certificate content to be saved in unsafe loca… | |||
| CVE-2017-7797 | critical | — | 9.5 | — | Response header name interning does not have same-origin protections and these headers are stored in a global registry. This allows stored header names to be available cross-origin. This vulnerabilit… | |||
| CVE-2017-7751 | critical | — | 9.5 | — | A use-after-free vulnerability with content viewer listeners that results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2. |