CVEs from 2017
Total
11,608
critical
critical 1,650
high
high 5,044
medium
medium 4,169
low
low 159
% Critical
14.2%
% with KEV
0.7%
% with exploit
9.9%
Top vendors
Top products
- imagemagick 1,426
- joomla\! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-5426 | critical | — | 9.5 | — | On Linux, if the secure computing mode BPF (seccomp-bpf) filter is running when the Gecko Media Plugin sandbox is started, the sandbox fails to be applied and items that would run within the sandbox … | |||
| CVE-2017-5422 | critical | — | 9.5 | — | If a malicious site uses the "view-source:" protocol in a series within a single hyperlink, it can trigger a non-exploitable browser crash when the hyperlink is selected. This was fixed by no longer … | |||
| CVE-2017-5421 | critical | — | 9.5 | — | A malicious site could spoof the contents of the print preview window if popup windows are enabled, resulting in user confusion of what site is currently loaded. This vulnerability affects Firefox < … | |||
| CVE-2017-5420 | critical | — | 9.5 | — | A "javascript:" url loaded by a malicious page can obfuscate its location by blanking the URL displayed in the addressbar, allowing for an attacker to spoof an existing page without the malicious pag… | |||
| CVE-2017-5419 | critical | — | 9.5 | — | If a malicious site repeatedly triggers a modal authentication prompt, eventually the browser UI will become non-responsive, requiring shutdown through the operating system. This is a denial of servi… | |||
| CVE-2017-7805 | critical | — | 9.5 | — | During TLS 1.2 exchanges, handshake hashes are generated which point to a message buffer. This saved data is used for later messages but in some cases, the handshake transcript can exceed the space a… | |||
| CVE-2017-5410 | critical | — | 9.5 | — | Memory corruption resulting in a potentially exploitable crash during garbage collection of JavaScript due errors in how incremental sweeping is managed for memory cleanup. This vulnerability affects… | |||
| CVE-2017-5408 | critical | — | 9.5 | — | Video files loaded video captions cross-origin without checking for the presence of CORS headers permitting such cross-origin use, leading to potential information disclosure for video captions. This… | |||
| CVE-2017-5407 | critical | — | 9.5 | — | Using SVG filters that don't use the fixed point math implementation on a target iframe, a malicious page can extract pixel values from a targeted user. This can be used to extract history informatio… | |||
| CVE-2017-5416 | critical | — | 9.5 | — | In certain circumstances a networking event listener can be prematurely released. This appears to result in a null dereference in practice. This vulnerability affects Firefox < 52 and Thunderbird < 5… | |||
| CVE-2017-5405 | critical | — | 9.5 | — | Certain response codes in FTP connections can result in the use of uninitialized values for ports in FTP operations. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and… | |||
| CVE-2017-5403 | critical | — | 9.5 | — | When adding a range to an object in the DOM, it is possible to use "addRange" to add the range to an incorrect root object. This triggers a use-after-free, resulting in a potentially exploitable cras… | |||
| CVE-2017-5401 | critical | — | 9.5 | — | A crash triggerable by web content in which an "ErrorResult" references unassigned memory due to a logic error. The resulting crash may be exploitable. This vulnerability affects Firefox < 52, Firefo… | |||
| CVE-2017-15387 | critical | — | 9.5 | — | multiple issues in chromium | |||
| CVE-2017-5400 | critical | — | 9.5 | — | JIT-spray targeting asm.js combined with a heap spray allows for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. This vulnerability affects Firefox < 52, Firefox … | |||
| CVE-2017-5399 | critical | — | 9.5 | — | Memory safety bugs were reported in Firefox 51. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary c… | |||
| CVE-2017-5398 | critical | — | 9.5 | — | Memory safety bugs were reported in Thunderbird 45.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbit… | |||
| CVE-2017-5396 | critical | — | 9.5 | — | A use-after-free vulnerability in the Media Decoder when working with media files when some events are fired after the media elements are freed from memory. This vulnerability affects Thunderbird < 4… | |||
| CVE-2017-5391 | critical | — | 9.5 | — | Special "about:" pages used by web content, such as RSS feeds, can load privileged "about:" pages in an iframe. If a content-injection bug were found in one of those pages this could allow for potent… | |||
| CVE-2017-5390 | critical | — | 9.5 | — | The JSON viewer in the Developer Tools uses insecure methods to create a communication channel for copying and viewing JSON or HTTP headers data, allowing for potential privilege escalation. This vul… | |||
| CVE-2017-15410 | critical | — | 9.5 | — | multiple issues in chromium | |||
| CVE-2017-5389 | critical | — | 9.5 | — | WebExtensions could use the "mozAddonManager" API by modifying the CSP headers on sites with the appropriate permissions and then using host requests to redirect script loads to a malicious site. Thi… | |||
| CVE-2017-5388 | critical | — | 9.5 | — | A STUN server in conjunction with a large number of "webkitRTCPeerConnection" objects can be used to send large STUN packets in a short period of time due to a lack of rate limiting being applied on … | |||
| CVE-2017-5387 | critical | — | 9.5 | — | The existence of a specifically requested local file can be found due to the double firing of the "onerror" when the "source" attribute on a "<track>" tag refers to a file that does not exist if the … | |||
| CVE-2017-5385 | critical | — | 9.5 | — | Data sent with in multipart channels, such as the multipart/x-mixed-replace MIME type, will ignore the referrer-policy response header, leading to potential information disclosure for sites using thi… | |||
| CVE-2017-12375 | critical | — | 9.5 | — | The ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device… | |||
| CVE-2017-5384 | critical | — | 9.5 | — | Proxy Auto-Config (PAC) files can specify a JavaScript function called for all URL requests with the full URL path which exposes more information than would be sent to the proxy itself in the case of… | |||
| CVE-2017-5379 | critical | — | 9.5 | — | Use-after-free vulnerability in Web Animations when interacting with cycle collection found through fuzzing. This vulnerability affects Firefox < 51. | |||
| CVE-2017-5378 | critical | — | 9.5 | — | Hashed codes of JavaScript objects are shared between pages. This allows for pointer leaks because an object's address can be discovered through hash codes, and also allows for data leakage of an obj… | |||
| CVE-2017-5376 | critical | — | 9.5 | — | Use-after-free while manipulating XSL in XSLT documents. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51. | |||
| CVE-2017-5373 | critical | — | 9.5 | — | Memory safety bugs were reported in Firefox 50.1 and Firefox ESR 45.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be explo… | |||
| CVE-2017-5382 | critical | — | 9.5 | — | Feed preview for RSS feeds can be used to capture errors and exceptions generated by privileged content, allowing for the exposure of internal information not meant to be seen by web content. This vu… | |||
| CVE-2017-5459 | critical | — | 9.5 | — | A buffer overflow in WebGL triggerable by web content, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox… | |||
| CVE-2017-5453 | critical | — | 9.5 | — | A mechanism to inject static HTML into the RSS reader preview page due to a failure to escape characters sent as URL parameters for a feed's "TITLE" element. This vulnerability allows for spoofing bu… | |||
| CVE-2017-5438 | critical | — | 9.5 | — | A use-after-free vulnerability during XSLT processing due to the result handler being held by a freed handler during handling. This results in a potentially exploitable crash. This vulnerability affe… | |||
| CVE-2017-7828 | critical | — | 9.5 | — | A use-after-free vulnerability can occur when flushing and resizing layout because the "PressShell" object has been freed while still in use. This results in a potentially exploitable crash during th… | |||
| CVE-2017-15392 | critical | — | 9.5 | — | multiple issues in chromium | |||
| CVE-2017-7000 | critical | — | 9.5 | — | multiple issues in chromium | |||
| CVE-2017-5432 | critical | — | 9.5 | — | A use-after-free vulnerability occurs during certain text input selection resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR … | |||
| CVE-2017-7838 | critical | — | 9.5 | — | Punycode format text will be displayed for entire qualified international domain names in some instances when a sub-domain triggers the punycode display instead of the primary domain being displayed … | |||
| CVE-2017-7771 | critical | — | 9.5 | — | Out-of-bounds read in Graphite2 Library in Firefox before 54 in graphite2::Pass::readPass function. | |||
| CVE-2017-5374 | critical | — | 9.5 | — | Memory safety bugs were reported in Firefox 50.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary… | |||
| CVE-2017-5413 | critical | — | 9.5 | — | A segmentation fault can occur during some bidirectional layout operations. This vulnerability affects Firefox < 52 and Thunderbird < 52. | |||
| CVE-2017-5430 | critical | — | 9.5 | — | Memory safety bugs were reported in Firefox 52, Firefox ESR 52, and Thunderbird 52. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these c… | |||
| CVE-2017-5418 | critical | — | 9.5 | — | An out of bounds read error occurs when parsing some HTTP digest authorization responses, resulting in information leakage through the reading of random memory containing matches to specifically set … | |||
| CVE-2017-7780 | critical | — | 9.5 | — | Memory safety bugs were reported in Firefox 54. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary c… | |||
| CVE-2017-7801 | critical | — | 9.5 | — | A use-after-free vulnerability can occur while re-computing layout for a "marquee" element during window resizing where the updated style object is freed while still in use. This results in a potenti… | |||
| CVE-2017-7827 | critical | — | 9.5 | — | Memory safety bugs were reported in Firefox 56. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary c… | |||
| CVE-2017-5469 | critical | — | 9.5 | — | Fixed potential buffer overflows in generated Firefox code due to CVE-2016-6354 issue in Flex. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. | |||
| CVE-2017-5464 | critical | — | 9.5 | — | During DOM manipulations of the accessibility tree through script, the DOM tree can become out of sync with the accessibility tree, leading to memory corruption and a potentially exploitable crash. T… | |||
| CVE-2017-5456 | critical | — | 9.5 | — | A mechanism to bypass file system access protections in the sandbox using the file system request constructor through an IPC message. This allows for read and write access to the local file system. T… | |||
| CVE-2017-5377 | critical | — | 9.5 | — | A memory corruption vulnerability in Skia that can occur when using transforms to make gradients, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 51. | |||
| CVE-2017-5466 | critical | — | 9.5 | — | If a page is loaded from an original site through a hyperlink and contains a redirect to a "data:text/html" URL, triggering a reload will run the reloaded "data:text/html" page with its origin set in… | |||
| CVE-2017-5458 | critical | — | 9.5 | — | When a "javascript:" URL is drag and dropped by a user into the addressbar, the URL will be processed and executed. This allows for users to be socially engineered to execute an XSS attack on themsel… | |||
| CVE-2017-7757 | critical | — | 9.5 | — | A use-after-free vulnerability in IndexedDB when one of its objects is destroyed in memory while a method on it is still being executed. This results in a potentially exploitable crash. This vulnerab… | |||
| CVE-2017-5437 | critical | — | 9.5 | — | multiple issues in firefox | |||
| CVE-2017-7842 | critical | — | 9.5 | — | If a document's Referrer Policy attribute is set to "no-referrer" sometimes two network requests are made for "<link>" elements instead of one. One of these requests includes the referrer instead of … | |||
| CVE-2017-12374 | critical | — | 9.5 | — | The ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device… | |||
| CVE-2017-7834 | critical | — | 9.5 | — | A "data:" URL loaded in a new tab did not inherit the Content Security Policy (CSP) of the original page, allowing for bypasses of the policy including the execution of JavaScript. In prior versions … | |||
| CVE-2017-5129 | critical | — | 9.5 | — | multiple issues in chromium | |||
| CVE-2017-5448 | critical | — | 9.5 | — | An out-of-bounds write in "ClearKeyDecryptor" while decrypting some Clearkey-encrypted media content. The "ClearKeyDecryptor" code runs within the Gecko Media Plugin (GMP) sandbox. If a second mechan… | |||
| CVE-2017-15391 | critical | — | 9.5 | — | multiple issues in chromium | |||
| CVE-2017-5435 | critical | — | 9.5 | — | A use-after-free vulnerability occurs during transaction processing in the editor during design mode interactions. This results in a potentially exploitable crash. This vulnerability affects Thunderb… | |||
| CVE-2017-5442 | critical | — | 9.5 | — | A use-after-free vulnerability during changes in style when manipulating DOM elements. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45… | |||
| CVE-2017-15423 | critical | — | 9.5 | — | multiple issues in chromium | |||
| CVE-2017-5441 | critical | — | 9.5 | — | A use-after-free vulnerability when holding a selection during scroll events. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firef… | |||
| CVE-2017-7808 | critical | — | 9.5 | — | A content security policy (CSP) "frame-ancestors" directive containing origins with paths allows for comparisons against those paths instead of the origin. This results in a cross-origin information … | |||
| CVE-2017-7798 | critical | — | 9.5 | — | The Developer Tools feature suffers from a XUL injection vulnerability due to improper sanitization of the web page source code. In the worst case, this could allow arbitrary code execution when open… | |||
| CVE-2017-15409 | critical | — | 9.5 | — | multiple issues in chromium | |||
| CVE-2017-5133 | critical | — | 9.5 | — | multiple issues in chromium | |||
| CVE-2017-5132 | critical | — | 9.5 | — | multiple issues in chromium | |||
| CVE-2017-15422 | critical | — | 9.5 | — | multiple issues in chromium | |||
| CVE-2017-5127 | critical | — | 9.5 | — | multiple issues in chromium | |||
| CVE-2017-7797 | critical | — | 9.5 | — | Response header name interning does not have same-origin protections and these headers are stored in a global registry. This allows stored header names to be available cross-origin. This vulnerabilit… | |||
| CVE-2017-15386 | critical | — | 9.5 | — | multiple issues in chromium | |||
| CVE-2017-15419 | critical | — | 9.5 | — | multiple issues in chromium | |||
| CVE-2017-7789 | critical | — | 9.5 | — | If a server sends two Strict-Transport-Security (STS) headers for a single connection, they will be rejected as invalid and HTTP Strict Transport Security (HSTS) will not be enabled for the connectio… | |||
| CVE-2017-7809 | critical | — | 9.5 | — | A use-after-free vulnerability can occur when an editor DOM node is deleted prematurely during tree traversal while still bound to the document. This results in a potentially exploitable crash. This … | |||
| CVE-2017-15412 | critical | — | 9.5 | 9y ago | Use after free in libxml2 before 2.9.5, as used in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2017-14000 | critical | 9.4 | 9.4 | 9y ago | An Improper Authentication issue was discovered in Ctek SkyRouter Series 4200 and 4400, all versions prior to V6.00.11. By accessing a specific uniform resource locator (URL) on the web server, a mal… | |||
| CVE-2017-9630 | critical | 9.4 | 9.4 | 9y ago | An Improper Authentication issue was discovered in PDQ Manufacturing LaserWash G5 and G5 S Series all versions, LaserWash M5, all versions, LaserWash 360 and 360 Plus, all versions, LaserWash AutoXpr… | |||
| CVE-2017-14854 | critical | 9.1 | 9.1 | 7y ago | A stack buffer overflow exists in one of the Orpak SiteOmat CGI components, allowing for remote code execution. The vulnerability affects all versions prior to 2017-09-25. | |||
| CVE-2017-16727 | critical | 9.1 | 9.1 | 9y ago | A Credentials Management issue was discovered in Moxa NPort W2150A versions prior to 1.11, and NPort W2250A versions prior to 1.11. The default password is empty on the device. An unauthorized user c… | |||
| CVE-2017-15524 | critical | 9.1 | 9.1 | 9y ago | The Application Firewall Pack (AFP, aka Web Application Firewall) component on Kemp Load Balancer devices with software before 7.2.40.1 allows a Security Feature Bypass via an HTTP POST request. | |||
| CVE-2017-14090 | critical | 9.1 | 9.1 | 9y ago | A vulnerability in Trend Micro ScanMail for Exchange 12.0 exists in which some communications to the update servers are not encrypted. | |||
| CVE-2017-14590 | critical | 9.1 | 9.1 | 9y ago | Bamboo did not check that the name of a branch in a Mercurial repository contained argument parameters. An attacker who has permission to create a repository in Bamboo, edit an existing plan that has… | |||
| CVE-2017-15896 | critical | 9.1 | 9.1 | 9y ago | Node.js was affected by OpenSSL vulnerability CVE-2017-3737 in regards to the use of SSL_read() due to TLS handshake failure. The result was that an active network attacker could send application dat… | |||
| CVE-2017-13150 | critical | 9.1 | 9.1 | 9y ago | An information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-38328132. | |||
| CVE-2017-13149 | critical | 9.1 | 9.1 | 9y ago | An information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-65719872. | |||
| CVE-2017-0879 | critical | 9.1 | 9.1 | 9y ago | An information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-65025028. | |||
| CVE-2017-14487 | critical | 9.1 | 9.1 | 9y ago | The OhMiBod Remote app for Android and iOS allows remote attackers to impersonate users by sniffing network traffic for search responses from the OhMiBod API server and then editing the username, use… | |||
| CVE-2017-10861 | critical | 9.1 | 9.1 | 9y ago | Directory traversal vulnerability in QND Advance/Standard allows an attacker to read arbitrary files via a specially crafted command. | |||
| CVE-2017-0854 | critical | 9.1 | 9.1 | 9y ago | An information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63873837. | |||
| CVE-2017-0853 | critical | 9.1 | 9.1 | 9y ago | An information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63121644. | |||
| CVE-2017-5738 | critical | 9.1 | 9.1 | 9y ago | Escalation of privilege vulnerability in admin portal for Intel Unite App versions 3.1.32.12, 3.1.41.18 and 3.1.45.26 allows an attacker with network access to cause a denial of service and/or inform… | |||
| CVE-2017-8807 | critical | 9.1 | 9.1 | 9y ago | vbf_stp_error in bin/varnishd/cache/cache_fetch.c in Varnish HTTP Cache 4.1.x before 4.1.9 and 5.x before 5.2.1 allows remote attackers to obtain sensitive information from process memory because a V… | |||
| CVE-2017-15535 | critical | 9.1 | 9.1 | 9y ago | MongoDB 3.4.x before 3.4.10, and 3.5.x-development, has a disabled-by-default configuration setting, networkMessageCompressors (aka wire protocol compression), which exposes a vulnerability when enab… | |||
| CVE-2017-1000257 | critical | 9.1 | 9.1 | 9y ago | An IMAP FETCH response line indicates the size of the returned data, in number of bytes. When that response says the data is zero bytes, libcurl would pass on that (non-existing) data with a pointer … | |||
| CVE-2017-15597 | critical | 9.1 | 9.1 | 9y ago | An issue was discovered in Xen through 4.9.x. Grant copying code made an implication that any grant pin would be accompanied by a suitable page reference. Other portions of code, however, did not mat… | |||
| CVE-2017-10330 | critical | 9.1 | 9.1 | 9y ago | Vulnerability in the Oracle Common Applications component of Oracle E-Business Suite (subcomponent: Gantt Server). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and … |