CVEs from 2017
Total
11,607
critical
critical 1,650
high
high 5,044
medium
medium 4,169
low
low 159
% Critical
14.2%
% with KEV
0.7%
% with exploit
9.9%
Top vendors
Top products
- imagemagick 1,426
- joomla\! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-7830 | critical | — | 9.5 | — | The Resource Timing API incorrectly revealed navigations in cross-origin iframes. This is a same-origin policy violation and could allow for data theft of URLs loaded by users. This vulnerability aff… | |||
| CVE-2017-7831 | critical | — | 9.5 | — | A vulnerability where the security wrapper does not deny access to some exposed properties using the deprecated "_exposedProps_" mechanism on proxy objects. These properties should be explicitly unav… | |||
| CVE-2017-7832 | critical | — | 9.5 | — | The combined, single character, version of the letter 'i' with any of the potential accents in unicode, such as acute or grave, can be spoofed in the addressbar by the dotless version of 'i' followed… | |||
| CVE-2017-7833 | critical | — | 9.5 | — | Some Arabic and Indic vowel marker characters can be combined with Latin characters in a domain name to eclipse the non-Latin character with some font sets on the addressbar. The non-Latin character … | |||
| CVE-2017-7764 | critical | — | 9.5 | — | Characters from the "Canadian Syllabics" unicode block can be mixed with characters from other unicode blocks in the addressbar instead of being rendered as their raw "punycode" form, allowing for do… | |||
| CVE-2017-7836 | critical | — | 9.5 | — | The "pingsender" executable used by the Firefox Health Report dynamically loads a system copy of libcurl, which an attacker could replace. This allows for privilege escalation as the replaced libcurl… | |||
| CVE-2017-7839 | critical | — | 9.5 | — | Control characters prepended before "javascript:" URLs pasted in the addressbar can cause the leading characters to be ignored and the pasted JavaScript to be executed instead of being blocked. This … | |||
| CVE-2017-7824 | critical | — | 9.5 | — | A buffer overflow occurs when drawing and validating elements with the ANGLE graphics library, used for WebGL content. This is due to an incorrect value being passed within the library during checks … | |||
| CVE-2017-7773 | critical | — | 9.5 | — | Heap-based Buffer Overflow write in Graphite2 library in Firefox before 54 in lz4::decompress src/Decompressor. | |||
| CVE-2017-7840 | critical | — | 9.5 | — | JavaScript can be injected into an exported bookmarks file by placing JavaScript code into user-supplied tags in saved bookmarks. If the resulting exported HTML file is later opened in a browser this… | |||
| CVE-2017-7771 | critical | — | 9.5 | — | Out-of-bounds read in Graphite2 Library in Firefox before 54 in graphite2::Pass::readPass function. | |||
| CVE-2017-7823 | critical | — | 9.5 | — | The content security policy (CSP) "sandbox" directive did not create a unique origin for the document, causing it to behave as if the "allow-same-origin" keyword were always specified. This could all… | |||
| CVE-2017-7819 | critical | — | 9.5 | — | A use-after-free vulnerability can occur in design mode when image objects are resized if objects referenced during the resizing have been freed from memory. This results in a potentially exploitable… | |||
| CVE-2017-7814 | critical | — | 9.5 | — | File downloads encoded with "blob:" and "data:" URL elements bypassed normal file download checks though the Phishing and Malware Protection feature and its block lists of suspicious sites and files.… | |||
| CVE-2017-5130 | critical | — | 9.5 | — | An integer overflow in xmlmemory.c in libxml2 before 2.9.5, as used in Google Chrome prior to 62.0.3202.62 and other products, allowed a remote attacker to potentially exploit heap corruption via a c… | |||
| CVE-2017-7810 | critical | — | 9.5 | — | Memory safety bugs were reported in Firefox 55 and Firefox ESR 52.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploit… | |||
| CVE-2017-7806 | critical | — | 9.5 | — | A use-after-free vulnerability can occur when the layer manager is freed too early when rendering specific SVG content, resulting in a potentially exploitable crash. This vulnerability affects Firefo… | |||
| CVE-2017-7805 | critical | — | 9.5 | — | During TLS 1.2 exchanges, handshake hashes are generated which point to a message buffer. This saved data is used for later messages but in some cases, the handshake transcript can exceed the space a… | |||
| CVE-2017-7818 | critical | — | 9.5 | — | A use-after-free vulnerability can occur when manipulating arrays of Accessible Rich Internet Applications (ARIA) elements within containers through the DOM. This results in a potentially exploitable… | |||
| CVE-2017-7803 | critical | — | 9.5 | — | When a page's content security policy (CSP) header contains a "sandbox" directive, other directives are ignored. This results in the incorrect enforcement of CSP. This vulnerability affects Thunderbi… | |||
| CVE-2017-7807 | critical | — | 9.5 | — | A mechanism that uses AppCache to hijack a URL in a domain using fallback by serving the files from a sub-path on the domain. This has been addressed by requiring fallback files be inside the manifes… | |||
| CVE-2017-7802 | critical | — | 9.5 | — | A use-after-free vulnerability can occur when manipulating the DOM during the resize event of an image element. If these elements have been freed due to a lack of strong references, a potentially exp… | |||
| CVE-2017-15409 | critical | — | 9.5 | — | multiple issues in chromium | |||
| CVE-2017-5133 | critical | — | 9.5 | — | multiple issues in chromium | |||
| CVE-2017-5132 | critical | — | 9.5 | — | multiple issues in chromium | |||
| CVE-2017-15422 | critical | — | 9.5 | — | multiple issues in chromium | |||
| CVE-2017-15386 | critical | — | 9.5 | — | multiple issues in chromium | |||
| CVE-2017-15419 | critical | — | 9.5 | — | multiple issues in chromium | |||
| CVE-2017-5127 | critical | — | 9.5 | — | multiple issues in chromium | |||
| CVE-2017-15395 | critical | — | 9.5 | — | multiple issues in chromium | |||
| CVE-2017-7800 | critical | — | 9.5 | — | A use-after-free vulnerability can occur in WebSockets when the object holding the connection is freed before the disconnection operation is finished. This results in an exploitable crash. This vulne… | |||
| CVE-2017-15393 | critical | — | 9.5 | — | multiple issues in chromium | |||
| CVE-2017-7799 | critical | — | 9.5 | — | JavaScript in the "about:webrtc" page is not sanitized properly being assigned to "innerHTML". Data on this page is supplied by WebRTC usage and is not under third-party control, making this difficul… | |||
| CVE-2017-7794 | critical | — | 9.5 | — | On Linux systems, if the content process is compromised, the sandbox broker will allow files to be truncated even though the sandbox explicitly only has read access to the local file system and no wr… | |||
| CVE-2017-7793 | critical | — | 9.5 | — | A use-after-free vulnerability can occur in the Fetch API when the worker or the associated window are freed when still in use, resulting in a potentially exploitable crash. This vulnerability affect… | |||
| CVE-2017-7792 | critical | — | 9.5 | — | A buffer overflow will occur when viewing a certificate in the certificate manager if the certificate has an extremely long object identifier (OID). This results in a potentially exploitable crash. T… | |||
| CVE-2017-7791 | critical | — | 9.5 | — | On pages containing an iframe, the "data:" protocol can be used to create a modal alert that will render over arbitrary domains following page navigation, spoofing of the origin of the modal alert fr… | |||
| CVE-2017-7788 | critical | — | 9.5 | — | When an "iframe" has a "sandbox" attribute and its content is specified using "srcdoc", that content does not inherit the containing page's Content Security Policy (CSP) as it should unless the sandb… | |||
| CVE-2017-7787 | critical | — | 9.5 | — | Same-origin policy protections can be bypassed on pages with embedded iframes during page reloads, allowing the iframes to access content on the top level page, leading to information disclosure. Thi… | |||
| CVE-2017-7786 | critical | — | 9.5 | — | A buffer overflow can occur when the image renderer attempts to paint non-displayable SVG elements. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Fir… | |||
| CVE-2017-7785 | critical | — | 9.5 | — | A buffer overflow can occur when manipulating Accessible Rich Internet Applications (ARIA) attributes within the DOM. This results in a potentially exploitable crash. This vulnerability affects Thund… | |||
| CVE-2017-7784 | critical | — | 9.5 | — | A use-after-free vulnerability can occur when reading an image observer during frame reconstruction after the observer has been freed. This results in a potentially exploitable crash. This vulnerabil… | |||
| CVE-2017-7781 | critical | — | 9.5 | — | An error occurs in the elliptic curve point addition algorithm that uses mixed Jacobian-affine coordinates where it can yield a result "POINT_AT_INFINITY" when it should not. A man-in-the-middle atta… | |||
| CVE-2017-7779 | critical | — | 9.5 | — | Memory safety bugs were reported in Firefox 54, Firefox ESR 52.2, and Thunderbird 52.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of the… | |||
| CVE-2017-7758 | critical | — | 9.5 | — | An out-of-bounds read vulnerability with the Opus encoder when the number of channels in an audio stream changes while the encoder is in use. This vulnerability affects Firefox < 54, Firefox ESR < 52… | |||
| CVE-2017-7756 | critical | — | 9.5 | — | A use-after-free and use-after-scope vulnerability when logging errors from headers for XML HTTP Requests (XHR). This could result in a potentially exploitable crash. This vulnerability affects Firef… | |||
| CVE-2017-7754 | critical | — | 9.5 | — | An out-of-bounds read in WebGL with a maliciously crafted "ImageInfo" object during WebGL operations. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2. | |||
| CVE-2017-7753 | critical | — | 9.5 | — | An out-of-bounds read occurs when applying style rules to pseudo-elements, such as ::first-line, using cached style data. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefo… | |||
| CVE-2017-7752 | critical | — | 9.5 | — | A use-after-free vulnerability during specific user interactions with the input method editor (IME) in some languages due to how events are handled. This results in a potentially exploitable crash bu… | |||
| CVE-2017-7751 | critical | — | 9.5 | — | A use-after-free vulnerability with content viewer listeners that results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2. | |||
| CVE-2017-7750 | critical | — | 9.5 | — | A use-after-free vulnerability during video control operations when a "<track>" element holds a reference to an older window if that window has been replaced in the DOM. This results in a potentially… | |||
| CVE-2017-7749 | critical | — | 9.5 | — | A use-after-free vulnerability when using an incorrect URL during the reloading of a docshell. This results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < … | |||
| CVE-2017-5470 | critical | — | 9.5 | — | Memory safety bugs were reported in Firefox 53 and Firefox ESR 52.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploit… | |||
| CVE-2017-5468 | critical | — | 9.5 | — | An issue with incorrect ownership model of "privateBrowsing" information exposed through developer tools. This can result in a non-exploitable crash when manually triggered during debugging. This vul… | |||
| CVE-2017-5129 | critical | — | 9.5 | — | multiple issues in chromium | |||
| CVE-2017-5467 | critical | — | 9.5 | — | A potential memory corruption and crash when using Skia content when drawing content outside of the bounds of a clipping region. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and… | |||
| CVE-2017-15391 | critical | — | 9.5 | — | multiple issues in chromium | |||
| CVE-2017-15392 | critical | — | 9.5 | — | multiple issues in chromium | |||
| CVE-2017-15411 | critical | — | 9.5 | — | multiple issues in chromium | |||
| CVE-2017-15389 | critical | — | 9.5 | — | multiple issues in chromium | |||
| CVE-2017-5460 | critical | — | 9.5 | — | A use-after-free vulnerability in frame selection triggered by a combination of malicious script content and key presses by a user. This results in a potentially exploitable crash. This vulnerability… | |||
| CVE-2017-7000 | critical | — | 9.5 | — | multiple issues in chromium | |||
| CVE-2017-7838 | critical | — | 9.5 | — | Punycode format text will be displayed for entire qualified international domain names in some instances when a sub-domain triggers the punycode display instead of the primary domain being displayed … | |||
| CVE-2017-5455 | critical | — | 9.5 | — | The internal feed reader APIs that crossed the sandbox barrier allowed for a sandbox escape and escalation of privilege if combined with another vulnerability that resulted in remote code execution i… | |||
| CVE-2017-5454 | critical | — | 9.5 | — | A mechanism to bypass file system access protections in the sandbox to use the file picker to access different files than those selected in the file picker through the use of relative paths. This all… | |||
| CVE-2017-5451 | critical | — | 9.5 | — | A mechanism to spoof the addressbar through the user interaction on the addressbar and the "onblur" event. The event could be used by script to affect text display to make the loaded site appear to b… | |||
| CVE-2017-15417 | critical | — | 9.5 | — | multiple issues in chromium | |||
| CVE-2017-15418 | critical | — | 9.5 | — | multiple issues in chromium | |||
| CVE-2017-5449 | critical | — | 9.5 | — | A possibly exploitable crash triggered during layout and manipulation of bidirectional unicode text in concert with CSS animations. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, … | |||
| CVE-2017-5445 | critical | — | 9.5 | — | A vulnerability while parsing "application/http-index-format" format content where uninitialized values are used to create an array. This could allow the reading of uninitialized memory into the arra… | |||
| CVE-2017-15420 | critical | — | 9.5 | — | multiple issues in chromium | |||
| CVE-2017-15424 | critical | — | 9.5 | — | multiple issues in chromium | |||
| CVE-2017-15427 | critical | — | 9.5 | — | multiple issues in chromium | |||
| CVE-2017-15425 | critical | — | 9.5 | — | multiple issues in chromium | |||
| CVE-2017-5443 | critical | — | 9.5 | — | An out-of-bounds write vulnerability while decoding improperly formed BinHex format archives. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. | |||
| CVE-2017-15426 | critical | — | 9.5 | — | multiple issues in chromium | |||
| CVE-2017-5440 | critical | — | 9.5 | — | A use-after-free vulnerability during XSLT processing due to a failure to propagate error conditions during matching while evaluating context, leading to objects being used when they no longer exist.… | |||
| CVE-2017-5439 | critical | — | 9.5 | — | A use-after-free vulnerability during XSLT processing due to poor handling of template parameters. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Fire… | |||
| CVE-2017-5436 | critical | — | 9.5 | — | An out-of-bounds write in the Graphite 2 library triggered with a maliciously crafted Graphite font. This results in a potentially exploitable crash. This issue was fixed in the Graphite 2 library as… | |||
| CVE-2017-5433 | critical | — | 9.5 | — | A use-after-free vulnerability in SMIL animation functions occurs when pointers to animation elements in an array are dropped from the animation controller while still in use. This results in a poten… | |||
| CVE-2017-5429 | critical | — | 9.5 | — | Memory safety bugs were reported in Firefox 52, Firefox ESR 45.8, Firefox ESR 52, and Thunderbird 52. Some of these bugs showed evidence of memory corruption and we presume that with enough effort th… | |||
| CVE-2017-5444 | critical | — | 9.5 | — | A buffer overflow vulnerability while parsing "application/http-index-format" format content when the header contains improperly formatted data. This allows for an out-of-bounds read of data from mem… | |||
| CVE-2017-5427 | critical | — | 9.5 | — | A non-existent chrome.manifest file will attempt to be loaded during startup from the primary installation directory. If a malicious user with local access puts chrome.manifest and other referenced f… | |||
| CVE-2017-5426 | critical | — | 9.5 | — | On Linux, if the secure computing mode BPF (seccomp-bpf) filter is running when the Gecko Media Plugin sandbox is started, the sandbox fails to be applied and items that would run within the sandbox … | |||
| CVE-2017-5422 | critical | — | 9.5 | — | If a malicious site uses the "view-source:" protocol in a series within a single hyperlink, it can trigger a non-exploitable browser crash when the hyperlink is selected. This was fixed by no longer … | |||
| CVE-2017-5421 | critical | — | 9.5 | — | A malicious site could spoof the contents of the print preview window if popup windows are enabled, resulting in user confusion of what site is currently loaded. This vulnerability affects Firefox < … | |||
| CVE-2017-15408 | critical | — | 9.5 | — | multiple issues in chromium | |||
| CVE-2017-15423 | critical | — | 9.5 | — | multiple issues in chromium | |||
| CVE-2017-5420 | critical | — | 9.5 | — | A "javascript:" url loaded by a malicious page can obfuscate its location by blanking the URL displayed in the addressbar, allowing for an attacker to spoof an existing page without the malicious pag… | |||
| CVE-2017-5380 | critical | — | 9.5 | — | A potential use-after-free found through fuzzing during DOM manipulation of SVG content. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51. | |||
| CVE-2017-5381 | critical | — | 9.5 | — | The "export" function in the Certificate Viewer can force local filesystem navigation when the "common name" in a certificate contains slashes, allowing certificate content to be saved in unsafe loca… | |||
| CVE-2017-5419 | critical | — | 9.5 | — | If a malicious site repeatedly triggers a modal authentication prompt, eventually the browser UI will become non-responsive, requiring shutdown through the operating system. This is a denial of servi… | |||
| CVE-2017-5383 | critical | — | 9.5 | — | URLs containing certain unicode glyphs for alternative hyphens and quotes do not properly trigger punycode display, allowing for domain name spoofing attacks in the location bar. This vulnerability a… | |||
| CVE-2017-5393 | critical | — | 9.5 | — | The "mozAddonManager" allows for the installation of extensions from the CDN for addons.mozilla.org, a publicly accessible site. This could allow malicious extensions to install additional extensions… | |||
| CVE-2017-5402 | critical | — | 9.5 | — | A use-after-free can occur when events are fired for a "FontFace" object after the object has been already been destroyed while working with fonts. This results in a potentially exploitable crash. Th… | |||
| CVE-2017-5414 | critical | — | 9.5 | — | The file picker dialog can choose and display the wrong local default directory when instantiated. On some operating systems, this can lead to information disclosure, such as the operating system or … | |||
| CVE-2017-5417 | critical | — | 9.5 | — | When dragging content from the primary browser pane to the addressbar on a malicious site, it is possible to change the addressbar so that the displayed location following navigation does not match t… | |||
| CVE-2017-5418 | critical | — | 9.5 | — | An out of bounds read error occurs when parsing some HTTP digest authorization responses, resulting in information leakage through the reading of random memory containing matches to specifically set … | |||
| CVE-2017-5430 | critical | — | 9.5 | — | Memory safety bugs were reported in Firefox 52, Firefox ESR 52, and Thunderbird 52. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these c… | |||
| CVE-2017-5432 | critical | — | 9.5 | — | A use-after-free vulnerability occurs during certain text input selection resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR … |