CVEs from 2017
Total
11,606
critical
critical 1,650
high
high 5,044
medium
medium 4,169
low
low 159
% Critical
14.2%
% with KEV
0.7%
% with exploit
9.9%
Top vendors
Top products
- imagemagick 1,426
- joomla\! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-5166 | critical | 9.8 | 9.8 | 9y ago | An issue was discovered in BINOM3 Universal Multifunctional Electric Power Quality Meter. An INFORMATION EXPOSURE flaw can be used to gain privileged access to the device. | |||
| CVE-2017-5159 | critical | 9.8 | 9.8 | 9y ago | An issue was discovered on Phoenix Contact mGuard devices that have been updated to Version 8.4.0. When updating an mGuard device to Version 8.4.0 via the update-upload facility, the update will succ… | |||
| CVE-2017-5154 | critical | 9.8 | 9.8 | 9y ago | An issue was discovered in Advantech WebAccess Version 8.1. To be able to exploit the SQL injection vulnerability, an attacker must supply malformed input to the WebAccess software. Successful attack… | |||
| CVE-2017-5144 | critical | 9.8 | 9.8 | 9y ago | An issue was discovered in Carlo Gavazzi VMU-C EM prior to firmware Version A11_U05, and VMU-C PV prior to firmware Version A17. The access control flaw allows access to most application functions wi… | |||
| CVE-2017-5140 | critical | 9.8 | 9.8 | 9y ago | An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. Password is stored in clear text. | |||
| CVE-2017-5139 | critical | 9.8 | 9.8 | 9y ago | An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. Any user is able to disclose a password by accessing a speci… | |||
| CVE-2017-5954 | critical | 9.8 | 9.8 | 10y ago | Code Execution Through IIFE in serialize-to-js | |||
| CVE-2017-5953 | critical | 9.8 | 9.8 | 10y ago | vim before patch 8.0.0322 does not properly validate values for tree length when handling a spell file, which may result in an integer overflow at a memory allocation site and a resultant buffer over… | |||
| CVE-2017-5180 | high | 8.8 | 9.8 | 10y ago | Firejail before 0.9.44.4 and 0.9.38.x LTS before 0.9.38.8 LTS does not consider the .Xauthority case during its attempt to prevent accessing user files with an euid of zero, which allows local users … | |||
| CVE-2017-3807 | high | 8.8 | 9.8 | 10y ago | A vulnerability in Common Internet Filesystem (CIFS) code in the Clientless SSL VPN functionality of Cisco ASA Software, Major Releases 9.0-9.6, could allow an authenticated, remote attacker to cause… | |||
| CVE-2017-2765 | critical | 9.8 | 9.8 | 10y ago | EMC Isilon InsightIQ 4.1.0, 4.0.1, 4.0.0, 3.2.2, 3.2.1, 3.2.0, 3.1.1, 3.1.0, 3.0.1, 3.0.0 is affected by an authentication bypass vulnerability that could potentially be exploited by attackers to com… | |||
| CVE-2017-5677 | critical | 9.8 | 9.8 | 10y ago | PEAR HTML_AJAX 0.3.0 through 0.5.7 has a PHP Object Injection Vulnerability in the PHP Serializer. It allows remote code execution. In one viewpoint, the root cause is an incorrect regular expression. | |||
| CVE-2017-5879 | critical | 9.8 | 9.8 | 10y ago | An issue was discovered in Exponent CMS 2.4.1. This is a blind SQL injection that can be exploited by un-authenticated users via an HTTP GET request and which can be used to dump database data out to… | |||
| CVE-2017-2768 | critical | 9.8 | 9.8 | 10y ago | EMC Network Configuration Manager (NCM) 9.3.x, EMC Network Configuration Manager (NCM) 9.4.0.x, EMC Network Configuration Manager (NCM) 9.4.1.x, EMC Network Configuration Manager (NCM) 9.4.2.x contai… | |||
| CVE-2017-2767 | critical | 9.8 | 9.8 | 10y ago | EMC Network Configuration Manager (NCM) 9.3.x, EMC Network Configuration Manager (NCM) 9.4.0.x, EMC Network Configuration Manager (NCM) 9.4.1.x, EMC Network Configuration Manager (NCM) 9.4.2.x contai… | |||
| CVE-2017-2766 | critical | 9.8 | 9.8 | 10y ago | EMC Documentum eRoom version 7.4.4, EMC Documentum eRoom version 7.4.4 SP1, EMC Documentum eRoom version prior to 7.4.5 P04, EMC Documentum eRoom version prior to 7.5.0 P01 includes an unverified pas… | |||
| CVE-2017-5600 | critical | 9.8 | 9.8 | 10y ago | The Data Warehouse component in NetApp OnCommand Insight before 7.2.3 allows remote attackers to obtain administrative access by leveraging a default privileged account. | |||
| CVE-2017-5219 | critical | 9.8 | 9.8 | 10y ago | An issue was discovered in SageCRM 7.x before 7.3 SP3. The Component Manager functionality, provided by SageCRM, permits additional components to be added to the application to enhance provided funct… | |||
| CVE-2017-3792 | critical | 9.8 | 9.8 | 10y ago | A vulnerability in a proprietary device driver in the kernel of Cisco TelePresence Multipoint Control Unit (MCU) Software could allow an unauthenticated, remote attacker to execute arbitrary code or … | |||
| CVE-2017-3823 | high | 8.8 | 9.8 | 10y ago | An issue was discovered in the Cisco WebEx Extension before 1.0.7 on Google Chrome, the ActiveTouch General Plugin Container before 106 on Mozilla Firefox, the GpcContainer Class ActiveX control plug… | |||
| CVE-2017-5611 | critical | 9.8 | 9.8 | 10y ago | SQL injection vulnerability in wp-includes/class-wp-query.php in WP_Query in WordPress before 4.7.2 allows remote attackers to execute arbitrary SQL commands by leveraging the presence of an affected… | |||
| CVE-2017-5486 | critical | 9.8 | 9.8 | 10y ago | The ISO CLNS parser in tcpdump before 4.9.0 has a buffer overflow in print-isoclns.c:clnp_print(). | |||
| CVE-2017-5485 | critical | 9.8 | 9.8 | 10y ago | The ISO CLNS parser in tcpdump before 4.9.0 has a buffer overflow in addrtoname.c:lookup_nsap(). | |||
| CVE-2017-5484 | critical | 9.8 | 9.8 | 10y ago | The ATM parser in tcpdump before 4.9.0 has a buffer overflow in print-atm.c:sig_print(). | |||
| CVE-2017-5483 | critical | 9.8 | 9.8 | 10y ago | The SNMP parser in tcpdump before 4.9.0 has a buffer overflow in print-snmp.c:asn1_parse(). | |||
| CVE-2017-5482 | critical | 9.8 | 9.8 | 10y ago | The Q.933 parser in tcpdump before 4.9.0 has a buffer overflow in print-fr.c:q933_print(), a different vulnerability than CVE-2016-8575. | |||
| CVE-2017-5342 | critical | 9.8 | 9.8 | 10y ago | In tcpdump before 4.9.0, a bug in multiple protocol parsers (Geneve, GRE, NSH, OTV, VXLAN and VXLAN GPE) could cause a buffer overflow in print-ether.c:ether_print(). | |||
| CVE-2017-5341 | critical | 9.8 | 9.8 | 10y ago | The OTV parser in tcpdump before 4.9.0 has a buffer overflow in print-otv.c:otv_print(). | |||
| CVE-2017-5205 | critical | 9.8 | 9.8 | 10y ago | The ISAKMP parser in tcpdump before 4.9.0 has a buffer overflow in print-isakmp.c:ikev2_e_print(). | |||
| CVE-2017-5204 | critical | 9.8 | 9.8 | 10y ago | The IPv6 parser in tcpdump before 4.9.0 has a buffer overflow in print-ip6.c:ip6_print(). | |||
| CVE-2017-5203 | critical | 9.8 | 9.8 | 10y ago | The BOOTP parser in tcpdump before 4.9.0 has a buffer overflow in print-bootp.c:bootp_print(). | |||
| CVE-2017-5202 | critical | 9.8 | 9.8 | 10y ago | The ISO CLNS parser in tcpdump before 4.9.0 has a buffer overflow in print-isoclns.c:clnp_print(). | |||
| CVE-2017-3266 | critical | 9.8 | 9.8 | 10y ago | Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.2 and 8.5.3. Easily exploitabl… | |||
| CVE-2017-5569 | critical | 9.8 | 9.8 | 10y ago | An issue was discovered in eClinicalWorks Patient Portal 7.0 build 13. This is a blind SQL injection within the template.jsp, which can be exploited without the need of authentication and via an HTTP… | |||
| CVE-2017-5575 | critical | 9.8 | 9.8 | 10y ago | SQL injection vulnerability in inc/lib/Options.class.php in GeniXCMS before 1.0.0 allows remote attackers to execute arbitrary SQL commands via the modules parameter. | |||
| CVE-2017-5574 | critical | 9.8 | 9.8 | 10y ago | SQL injection vulnerability in register.php in GeniXCMS before 1.0.0 allows unauthenticated users to execute arbitrary SQL commands via the activation parameter. | |||
| CVE-2017-5543 | critical | 9.8 | 9.8 | 10y ago | Subrion CMS PHP Object Injection | |||
| CVE-2017-5519 | critical | 9.8 | 9.8 | 10y ago | SQL injection vulnerability in Posts.class.php in GeniXCMS through 0.0.8 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||
| CVE-2017-5517 | critical | 9.8 | 9.8 | 10y ago | SQL injection vulnerability in author.control.php in GeniXCMS through 0.0.8 allows remote attackers to execute arbitrary SQL commands via the type parameter. | |||
| CVE-2017-5473 | high | 8.8 | 9.8 | 10y ago | Cross-site request forgery (CSRF) vulnerability in ntopng through 2.4 allows remote attackers to hijack the authentication of arbitrary users, as demonstrated by admin/add_user.lua, admin/change_user… | |||
| CVE-2017-5340 | critical | 9.8 | 9.8 | 10y ago | Zend/zend_hash.c in PHP before 7.0.15 and 7.1.x before 7.1.1 mishandles certain cases that require large array allocations, which allows remote attackers to execute arbitrary code or cause a denial o… | |||
| CVE-2017-2935 | high | 8.8 | 9.8 | 10y ago | Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable heap overflow vulnerability when processing the Flash Video container file format. Successful exploitation could lead to arbitra… | |||
| CVE-2017-2934 | high | 8.8 | 9.8 | 10y ago | Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable heap overflow vulnerability when parsing Adobe Texture Format files. Successful exploitation could lead to arbitrary code execut… | |||
| CVE-2017-2933 | high | 8.8 | 9.8 | 10y ago | Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable heap overflow vulnerability related to texture compression. Successful exploitation could lead to arbitrary code execution. | |||
| CVE-2017-2932 | high | 8.8 | 9.8 | 10y ago | Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable use after free vulnerability in the ActionScript MovieClip class. Successful exploitation could lead to arbitrary code execution. | |||
| CVE-2017-2931 | high | 8.8 | 9.8 | 10y ago | Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable memory corruption vulnerability related to the parsing of SWF metadata. Successful exploitation could lead to arbitrary code exe… | |||
| CVE-2017-2930 | high | 8.8 | 9.8 | 10y ago | Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable memory corruption vulnerability due to a concurrency error when manipulating a display list. Successful exploitation could lead … | |||
| CVE-2017-5005 | critical | 9.8 | 9.8 | 10y ago | Stack-based buffer overflow in Quick Heal Internet Security 10.1.0.316 and earlier, Total Security 10.1.0.316 and earlier, and AntiVirus Pro 10.1.0.316 and earlier on OS X allows remote attackers to … | |||
| CVE-2017-14589 | critical | 9.6 | 9.6 | 9y ago | It was possible for double OGNL evaluation in FreeMarker templates through Struts FreeMarker tags to occur. An attacker who has restricted administration rights to Bamboo or who hosts a website that … | |||
| CVE-2017-12372 | critical | 9.6 | 9.6 | 9y ago | A "Cisco WebEx Network Recording Player Remote Code Execution Vulnerability" exists in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) and WebEx Recording Format (WRF) files.… | |||
| CVE-2017-12371 | critical | 9.6 | 9.6 | 9y ago | A "Cisco WebEx Network Recording Player Remote Code Execution Vulnerability" exists in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) and WebEx Recording Format (WRF) files.… | |||
| CVE-2017-12370 | critical | 9.6 | 9.6 | 9y ago | A "Cisco WebEx Network Recording Player Remote Code Execution Vulnerability" exists in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) and WebEx Recording Format (WRF) files.… | |||
| CVE-2017-12369 | critical | 9.6 | 9.6 | 9y ago | A "Cisco WebEx Network Recording Player Out-of-Bounds Vulnerability" exists in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) and WebEx Recording Format (WRF) files. A remot… | |||
| CVE-2017-12368 | critical | 9.6 | 9.6 | 9y ago | A "Cisco WebEx Network Recording Player Remote Code Execution Vulnerability" exists in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) and WebEx Recording Format (WRF) files.… | |||
| CVE-2017-12367 | critical | 9.6 | 9.6 | 9y ago | A "Cisco WebEx Network Recording Player Denial of Service Vulnerability" exists in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) and WebEx Recording Format (WRF) files. A r… | |||
| CVE-2017-3891 | critical | 9.6 | 9.6 | 9y ago | In BlackBerry QNX Software Development Platform (SDP) 6.6.0, an elevation of privilege vulnerability in the default configuration of the QNX SDP with QNet enabled on networks comprising two or more Q… | |||
| CVE-2017-5053 | critical | 9.6 | 9.6 | 9y ago | arbitrary code execution in chromium | |||
| CVE-2017-15644 | high | 8.6 | 9.6 | 9y ago | SSRF exists in Webmin 1.850 via the PATH_INFO to tunnel/link.cgi, as demonstrated by a GET request for tunnel/link.cgi/http://INTRANET-IP:8000. | |||
| CVE-2017-10346 | critical | 9.6 | 9.6 | 9y ago | Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u14… | |||
| CVE-2017-10285 | critical | 9.6 | 9.6 | 9y ago | Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. E… | |||
| CVE-2017-10111 | critical | 9.6 | 9.6 | 9y ago | Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). The supported version that is affected is Java SE: 8u131; Java SE Embedded: 8u131. Easily exploit… | |||
| CVE-2017-10110 | critical | 9.6 | 9.6 | 9y ago | Vulnerability in the Java SE component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Easily exploitable vulnerability allows unauthe… | |||
| CVE-2017-10107 | critical | 9.6 | 9.6 | 9y ago | Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easi… | |||
| CVE-2017-10101 | critical | 9.6 | 9.6 | 9y ago | Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Eas… | |||
| CVE-2017-10096 | critical | 9.6 | 9.6 | 9y ago | Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Eas… | |||
| CVE-2017-10090 | critical | 9.6 | 9.6 | 9y ago | Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u141 and 8u131; Java SE Embedded: 8u131. Easil… | |||
| CVE-2017-10089 | critical | 9.6 | 9.6 | 9y ago | Vulnerability in the Java SE component of Oracle Java SE (subcomponent: ImageIO). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Easily exploitable vulnerability allows una… | |||
| CVE-2017-10087 | critical | 9.6 | 9.6 | 9y ago | Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131… | |||
| CVE-2017-10086 | critical | 9.6 | 9.6 | 9y ago | Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX). Supported versions that are affected are Java SE: 7u141 and 8u131. Easily exploitable vulnerability allows unauthentic… | |||
| CVE-2017-3882 | critical | 9.6 | 9.6 | 9y ago | A vulnerability in the Universal Plug-and-Play (UPnP) implementation in the Cisco CVR100W Wireless-N VPN Router could allow an unauthenticated, Layer 2-adjacent attacker to execute arbitrary code or … | |||
| CVE-2017-3510 | critical | 9.6 | 9.6 | 9y ago | Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel Zones virtualized NIC driver). The supported version that is affected is 11.3. Easily "exploitable" v… | |||
| CVE-2017-3289 | critical | 9.6 | 9.6 | 10y ago | Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 7u121 and 8u112; Java SE Embedded: 8u111. Easily … | |||
| CVE-2017-3272 | critical | 9.6 | 9.6 | 10y ago | Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111… | |||
| CVE-2017-5396 | critical | — | 9.5 | — | A use-after-free vulnerability in the Media Decoder when working with media files when some events are fired after the media elements are freed from memory. This vulnerability affects Thunderbird < 4… | |||
| CVE-2017-5400 | critical | — | 9.5 | — | JIT-spray targeting asm.js combined with a heap spray allows for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. This vulnerability affects Firefox < 52, Firefox … | |||
| CVE-2017-15386 | critical | — | 9.5 | — | multiple issues in chromium | |||
| CVE-2017-5449 | critical | — | 9.5 | — | A possibly exploitable crash triggered during layout and manipulation of bidirectional unicode text in concert with CSS animations. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, … | |||
| CVE-2017-7780 | critical | — | 9.5 | — | Memory safety bugs were reported in Firefox 54. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary c… | |||
| CVE-2017-5412 | critical | — | 9.5 | — | A buffer overflow read during SVG filter color value operations, resulting in data exposure. This vulnerability affects Firefox < 52 and Thunderbird < 52. | |||
| CVE-2017-15394 | critical | — | 9.5 | — | multiple issues in chromium | |||
| CVE-2017-5390 | critical | — | 9.5 | — | The JSON viewer in the Developer Tools uses insecure methods to create a communication channel for copying and viewing JSON or HTTP headers data, allowing for potential privilege escalation. This vul… | |||
| CVE-2017-5389 | critical | — | 9.5 | — | WebExtensions could use the "mozAddonManager" API by modifying the CSP headers on sites with the appropriate permissions and then using host requests to redirect script loads to a malicious site. Thi… | |||
| CVE-2017-7818 | critical | — | 9.5 | — | A use-after-free vulnerability can occur when manipulating arrays of Accessible Rich Internet Applications (ARIA) elements within containers through the DOM. This results in a potentially exploitable… | |||
| CVE-2017-7754 | critical | — | 9.5 | — | An out-of-bounds read in WebGL with a maliciously crafted "ImageInfo" object during WebGL operations. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2. | |||
| CVE-2017-5393 | critical | — | 9.5 | — | The "mozAddonManager" allows for the installation of extensions from the CDN for addons.mozilla.org, a publicly accessible site. This could allow malicious extensions to install additional extensions… | |||
| CVE-2017-7828 | critical | — | 9.5 | — | A use-after-free vulnerability can occur when flushing and resizing layout because the "PressShell" object has been freed while still in use. This results in a potentially exploitable crash during th… | |||
| CVE-2017-15393 | critical | — | 9.5 | — | multiple issues in chromium | |||
| CVE-2017-12375 | critical | — | 9.5 | — | The ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device… | |||
| CVE-2017-5408 | critical | — | 9.5 | — | Video files loaded video captions cross-origin without checking for the presence of CORS headers permitting such cross-origin use, leading to potential information disclosure for video captions. This… | |||
| CVE-2017-5383 | critical | — | 9.5 | — | URLs containing certain unicode glyphs for alternative hyphens and quotes do not properly trigger punycode display, allowing for domain name spoofing attacks in the location bar. This vulnerability a… | |||
| CVE-2017-5432 | critical | — | 9.5 | — | A use-after-free vulnerability occurs during certain text input selection resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR … | |||
| CVE-2017-7776 | critical | — | 9.5 | — | Heap-based Buffer Overflow read in Graphite2 library in Firefox before 54 in graphite2::Silf::getClassGlyph. | |||
| CVE-2017-7824 | critical | — | 9.5 | — | A buffer overflow occurs when drawing and validating elements with the ANGLE graphics library, used for WebGL content. This is due to an incorrect value being passed within the library during checks … | |||
| CVE-2017-7840 | critical | — | 9.5 | — | JavaScript can be injected into an exported bookmarks file by placing JavaScript code into user-supplied tags in saved bookmarks. If the resulting exported HTML file is later opened in a browser this… | |||
| CVE-2017-7809 | critical | — | 9.5 | — | A use-after-free vulnerability can occur when an editor DOM node is deleted prematurely during tree traversal while still bound to the document. This results in a potentially exploitable crash. This … | |||
| CVE-2017-15422 | critical | — | 9.5 | — | multiple issues in chromium | |||
| CVE-2017-7774 | critical | — | 9.5 | — | Out-of-bounds read in Graphite2 Library in Firefox before 54 in graphite2::Silf::readGraphite function. | |||
| CVE-2017-7802 | critical | — | 9.5 | — | A use-after-free vulnerability can occur when manipulating the DOM during the resize event of an image element. If these elements have been freed due to a lack of strong references, a potentially exp… | |||
| CVE-2017-12378 | critical | — | 9.5 | — | ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. Th… | |||
| CVE-2017-5419 | critical | — | 9.5 | — | If a malicious site repeatedly triggers a modal authentication prompt, eventually the browser UI will become non-responsive, requiring shutdown through the operating system. This is a denial of servi… |