CVEs from 2017

11,606 normalized CVEs published or assigned in this year.

  • Total: 11,606
  • critical: 1,650
  • high: 5,044
  • medium: 4,169
  • low: 159
  • % Critical: 14.2%
  • % with KEV: 0.7%
  • % with exploit: 9.9%

Top products

  • imagemagick 1,426
  • joomla! 932
  • kanboard 848
  • ntp 762
  • tomcat 676
  • mahara 572
  • postgresql 492
  • asterisk 435
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2017-18250 unknown An issue was discovered in ImageMagick 7.0.7. A NULL pointer dereference vulnerability was found in the function LogOpenCLBuildFailure in MagickCore/opencl.c, which allows attackers to cause a denial…
CVE-2017-18211 unknown In ImageMagick 7.0.7, a NULL pointer dereference vulnerability was found in the function saveBinaryCLProgram in magick/opencl.c because a program-lookup result is not checked, related to CacheOpenCLK…
CVE-2017-18209 unknown In the GetOpenCLCachedFilesDirectory function in magick/opencl.c in ImageMagick 7.0.7, a NULL pointer dereference vulnerability occurs because a memory allocation result is not checked, related to Ge…
CVE-2017-18029 unknown In ImageMagick 7.0.6-10 Q16, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allow remote attackers to cause a denial of service via a crafted file.
CVE-2017-18028 unknown In ImageMagick 7.0.7-1 Q16, a memory exhaustion vulnerability was found in the function ReadTIFFImage in coders/tiff.c, which allow remote attackers to cause a denial of service via a crafted file.
CVE-2017-18008 unknown In ImageMagick 7.0.7-17 Q16, there is a Memory Leak in ReadPWPImage in coders/pwp.c.
CVE-2017-1000476 unknown ImageMagick 7.0.7-12 Q16, a CPU exhaustion vulnerability was found in the function ReadDDSInfo in coders/dds.c, which allows attackers to cause a denial of service.
CVE-2017-1000445 unknown ImageMagick 7.0.7-1 and older version are vulnerable to null pointer dereference in the MagickCore component and might lead to denial of service
CVE-2017-3224 unknown Open Shortest Path First (OSPF) protocol implementations may improperly determine Link State Advertisement (LSA) recency for LSAs with MaxSequenceNumber. According to RFC 2328 section 13.1, for two i…
CVE-2017-7845 unknown A buffer overflow occurs when drawing and validating elements using Direct 3D 9 with the ANGLE graphics library, used for WebGL content. This is due to an incorrect value being passed within the libr…
CVE-2017-7825 unknown Several fonts on OS X display some Tibetan and Arabic characters as whitespace. When used in the addressbar as part of an IDN this can be used for domain name spoofing attacks. Note: This attack only…
CVE-2017-7820 unknown The "instanceof" operator can bypass the Xray wrapper mechanism. When called on web content from the browser itself or an extension the web content can provide its own result for that operator, possi…
CVE-2017-7821 unknown A vulnerability where WebExtensions can download and attempt to open a file of some non-executable file types. This can be triggered without specific user interaction for the file download and open a…
CVE-2017-7813 unknown Inside the JavaScript parser, a cast of an integer to a narrower type can result in data read from outside the buffer being parsed. This usually results in a non-exploitable crash, but can leak a lim…
CVE-2017-7812 unknown If web content on a page is dragged onto portions of the browser UI, such as the tab bar, links can be opened that otherwise would not be allowed to open. This can allow malicious web content to open…
CVE-2017-7811 unknown Memory safety bugs were reported in Firefox 55. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary c…
CVE-2017-7796 unknown On Windows systems, the logger run by the Windows updater deletes the file "update.log" before it runs in order to write a new log of that name. The path to this file is supplied at the command line …
CVE-2017-7790 unknown On Windows systems, if non-null-terminated strings are copied into the crash reporter for some specific registry keys, stack memory data can be copied until a null is found. This can potentially cont…
CVE-2017-7768 unknown The Mozilla Maintenance Service can be invoked by an unprivileged user to read 32 bytes of any arbitrary file on the local system by convincing the service that it is reading a status file provided b…
CVE-2017-7766 unknown An attack using manipulation of "updater.ini" contents, used by the Mozilla Windows Updater, and privilege escalation through the Mozilla Maintenance Service to allow for arbitrary file execution and…
CVE-2017-7763 unknown Default fonts on OS X display some Tibetan characters as whitespace. When used in the addressbar as part of an IDN this can be used for domain name spoofing attacks. Note: This attack only affects OS…
CVE-2017-12163 unknown An information leak flaw was found in the way SMB1 protocol was implemented by Samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8. A malicious client could use this flaw to dump server …
CVE-2017-5462 unknown A flaw in DRBG number generation within the Network Security Services (NSS) library where the internal state V does not correctly carry bits over. The NSS library has been updated to fix this issue t…
CVE-2017-5450 unknown A mechanism to spoof the Firefox for Android addressbar using a "javascript:" URI. On Firefox for Android, the base domain is parsed incorrectly, making the resulting location less visibly a spoofed …
CVE-2017-5411 unknown A use-after-free can occur during buffer storage operations within the ANGLE graphics library, used for WebGL content. The buffer storage can be freed while still in use in some circumstances, leadin…
CVE-2017-5409 unknown The Mozilla Windows updater can be called by a non-privileged user to delete an arbitrary local file by passing a special path to the callback parameter through the Mozilla Maintenance Service, which…
CVE-2017-5395 unknown Malicious sites can display a spoofed location bar on a subsequently loaded page when the existing location bar on the new page is scrolled out of view if navigations between pages can be timed corre…
CVE-2017-5392 unknown Weak proxy objects have weak references on multiple threads when they should only have them on one, resulting in incorrect memory usage and corruption, which leads to potentially exploitable crashes.…
CVE-2017-12087 unknown An exploitable heap overflow vulnerability exists in the tinysvcmdns library version 2016-07-18. A specially crafted packet can make the library overwrite an arbitrary amount of data on the heap with…
CVE-2017-16816 unknown The condor_schedd component in HTCondor before 8.6.8 and 8.7.x before 8.7.5 allows remote authenticated users to cause a denial of service (daemon crash) by leveraging use of GSI and VOMS extensions.
CVE-2017-18641 unknown In LXC 2.0, many template scripts download code over cleartext HTTP, and omit a digital-signature check, before running it to bootstrap containers.
CVE-2017-20004 unknown In the standard library in Rust before 1.19.0, there is a synchronization problem in the MutexGuard object. MutexGuards can be used across threads with any types, allowing for memory safety issues th…
CVE-2017-18267 unknown The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler through 0.64.0 allows remote attackers to cause a denial of service (infinite recursion) via a crafted PDF file, as demonstrated by …
CVE-2017-1000456 unknown freedesktop.org libpoppler 0.60.1 fails to validate boundaries in TextPool::addWord, leading to overflow in subsequent calculations.
CVE-2017-9109 unknown An issue was discovered in adns before 1.5.2. It fails to ignore apparent answers before the first RR that was found the first time. when this is fixed, the second answer scan finds the same RRs at t…
CVE-2017-9108 unknown An issue was discovered in adns before 1.5.2. adnshost mishandles a missing final newline on a stdin read. It is wrong to increment used as well as setting r, since used is incremented according to r…
CVE-2017-9105 unknown An issue was discovered in adns before 1.5.2. It corrupts a pointer when a nameserver speaks first because of a wrong number of pointer dereferences. This bug may well be exploitable as a remote code…
CVE-2017-9107 unknown An issue was discovered in adns before 1.5.2. It overruns reading a buffer if a domain ends with backslash. If the query domain ended with \, and adns_qf_quoteok_query was specified, qdparselabel wou…
CVE-2017-18253 unknown An issue was discovered in ImageMagick 7.0.7. A NULL pointer dereference vulnerability was found in the function LoadOpenCLDevices in MagickCore/opencl.c, which allows attackers to cause a denial of …
CVE-2017-7755 unknown The Firefox installer on Windows can be made to load malicious DLL files stored in the same directory as the installer when it is run. This allows privileged execution if the installer is run with el…
CVE-2017-7767 unknown The Mozilla Maintenance Service can be invoked by an unprivileged user to overwrite arbitrary files with junk data using the Mozilla Windows Updater, which runs with the Maintenance Service's privile…
CVE-2017-7782 unknown An error in the "WindowsDllDetourPatcher" where a RWX ("Read/Write/Execute") 4k block is allocated but never protected, violating DEP protections. Note: This attack only affects Windows operating sys…
CVE-2017-7804 unknown The destructor function for the "WindowsDllDetourPatcher" class can be re-purposed by malicious code in concert with another vulnerability to write arbitrary data to an attacker controlled location i…
CVE-2017-5452 unknown Malicious sites can display a spoofed addressbar on a page when the existing location bar on the new page is scrolled out of view if an HTML editable page element is user selected. Note: This attack …
CVE-2017-18265 unknown Prosody before 0.10.0 allows remote attackers to cause a denial of service (application crash), related to an incompatibility with certain versions of the LuaSocket library, such as the lua-socket pa…
CVE-2017-5394 unknown A location bar spoofing attack where the location bar of loaded page will be shown over the content of another tab due to a series of JavaScript events combined with fullscreen mode. Note: This issue…
CVE-2017-5463 unknown Android intents can be used to launch Firefox for Android in reader mode with a user specified URL. This allows an attacker to spoof the contents of the addressbar as displayed to users. Note: This a…
CVE-2017-7760 unknown The Mozilla Windows updater modifies some files to be updated by reading the original file and applying changes to it. The location of the original file can be altered by a malicious user by passing …
CVE-2017-7519 unknown In Ceph, a format string flaw was found in the way libradosstriper parses input from user. A user could crash an application or service using the libradosstriper library.
CVE-2017-7761 unknown The Mozilla Maintenance Service "helper.exe" application creates a temporary directory writable by non-privileged users. When this is combined with creation of a junction (a form of symbolic link), p…
CVE-2017-7815 unknown On pages containing an iframe, the "data:" protocol can be used to create a modal dialog through Javascript that will have an arbitrary domains as the dialog's location, spoofing of the origin of the…
CVE-2017-7816 unknown WebExtensions could use popups and panels in the extension UI to load an "about:" privileged URL, violating security checks that disallow this behavior. This vulnerability affects Firefox < 56.
CVE-2017-7817 unknown A spoofing vulnerability can occur when a page switches to fullscreen mode without user notification, allowing a fake address bar to be displayed. This allows an attacker to spoof which page is actua…
CVE-2017-7822 unknown The AES-GCM implementation in WebCrypto API accepts 0-length IV when it should require a length of 1 according to the NIST Special Publication 800-38D specification. This might allow for the authenti…
CVE-2017-12179 unknown xorg-x11-server before 1.19.5 was vulnerable to integer overflow in (S)ProcXIBarrierReleasePointer functions allowing malicious X client to cause X server to crash or possibly execute arbitrary code.
CVE-2017-7376 unknown Buffer overflow in libxml2 allows remote attackers to execute arbitrary code by leveraging an incorrect limit for port values when handling redirects.
CVE-2017-12108 unknown An exploitable integer overflow vulnerability exists in the xls_preparseWorkSheet function of libxls 1.4 when handling a MULBLANK record. A specially crafted XLS file can cause a memory corruption re…
CVE-2017-5397 unknown The cache directory on the local file system is set to be world writable. Firefox defaults to extracting libraries from this cache. This allows for the possibility of an installed malicious applicati…
CVE-2017-7844 unknown A combination of an external SVG image referenced on a page and the coloring of anchor links stored within this image can be used to determine which pages a user has in their history. This can allow …
CVE-2017-7153 unknown An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected…
CVE-2017-15108 unknown spice-vdagent up to and including 0.17.0 does not properly escape save directory before passing to shell, allowing local attacker with access to the session the agent runs in to inject arbitrary comm…
CVE-2017-12150 unknown It was found that samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8 did not enforce "SMB signing" when certain configuration options were enabled. A remote attacker could launch a man-…
CVE-2017-5425 unknown The Gecko Media Plugin sandbox allows access to local files that match specific regular expressions. On OS OX, this matching allows access to some data in subdirectories of "/private/var" that could …
CVE-2017-2630 unknown A stack buffer overflow flaw was found in the Quick Emulator (QEMU) before 2.9 built with the Network Block Device (NBD) client support. The flaw could occur while processing server's response to a '…
CVE-2017-12182 unknown xorg-x11-server before 1.19.5 was missing length validation in XFree86 DRI extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.
CVE-2017-12187 unknown xorg-x11-server before 1.19.5 was missing length validation in RENDER extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.
CVE-2017-7375 unknown A flaw in libxml2 allows remote XML entity inclusion with default parser flags (i.e., when the caller did not request entity substitution, DTD validation, external DTD subset loading, or default DTD …
CVE-2017-20189 unknown 2y ago Clojure classes can be used to craft a serialized object that runs arbitrary code on deserialization
CVE-2017-20151 unknown 4y ago iText RUPS XML External Entity vulnerability
CVE-2017-15683 unknown 4y ago XML injection in Crafter CMS
CVE-2017-15682 unknown 4y ago Cross site scripting in Crafter CMS
CVE-2017-15680 unknown 4y ago Missing Authorization in Crafter CMS
CVE-2017-11365 unknown 4y ago Certain Symfony products are affected by: Incorrect Access Control. This affects Symfony 2.7.30 and Symfony 2.8.23 and Symfony 3.2.10 and Symfony 3.3.3. The type of exploitation is: remote. The compo…
CVE-2017-12622 unknown 4y ago Apache Geode gfsh authorization vulnerability
CVE-2017-9796 unknown 4y ago Apache Geode OQL bind parameter vulnerability
CVE-2017-15717 unknown 4y ago Cross-site Scripting in Apache Sling XSS Protection API
CVE-2017-3158 unknown 4y ago Apache Guacamole Race Condition vulnerability
CVE-2017-1000397 unknown 4y ago MitM on Jenkins Maven Plugin
CVE-2017-1000402 unknown 4y ago Jenkins Swarm Plugin Client vulnerable to man-in-the-middle attacks
CVE-2017-1000404 unknown 4y ago Jenkins Delivery Pipeline Plugin Cross-site Scripting vulnerability
CVE-2017-1000505 unknown 4y ago Exposure of Sensitive Information to an Unauthorized Actor Jenkins Script Security Plugin
CVE-2017-1000389 unknown 4y ago Cross-Site Request Forgery (CSRF) vulnerability in Jenkins global-build-stats plugin
CVE-2017-1000503 unknown 4y ago Race Condition in Jenkins
CVE-2017-15697 unknown 4y ago Apache NiFi XSS issue in context path handling
CVE-2017-1000502 unknown 4y ago Arbitrary shell command execution in Jenkins EC2 Plugin
CVE-2017-12632 unknown 4y ago Apache NiFi host header poisoning issue
CVE-2017-15712 unknown 4y ago Path Traversal in Apache Oozie
CVE-2017-15696 unknown 4y ago Apache Geode configuration request authorization vulnerability
CVE-2017-15693 unknown 4y ago Apache Geode unsafe deserialization of application objects
CVE-2017-15692 unknown 4y ago Apache Geode unsafe deserialization in TcpServer
CVE-2017-1000425 unknown 4y ago Liferay Portal XSS vulnerability via movie parameter in the /html/portal/flash.jsp page
CVE-2017-16790 unknown 4y ago An issue was discovered in Symfony before 2.7.38, 2.8.31, 3.2.14, 3.3.13, 3.4-BETA5, and 4.0-BETA5. When a form is submitted by the user, the request handler classes of the Form component merge POST …
CVE-2017-16652 unknown 4y ago An issue was discovered in Symfony 2.7.x before 2.7.38, 2.8.x before 2.8.31, 3.2.x before 3.2.14, and 3.3.x before 3.3.13. DefaultAuthenticationSuccessHandler or DefaultAuthenticationFailureHandler t…
CVE-2017-16654 unknown 4y ago An issue was discovered in Symfony before 2.7.38, 2.8.31, 3.2.14, 3.3.13, 3.4-BETA5, and 4.0-BETA5. The Intl component includes various bundle readers that are used to read resource bundles from the …
CVE-2017-15706 unknown 4y ago As part of the fix for bug 61201, the documentation for Apache Tomcat 9.0.0.M22 to 9.0.1, 8.5.16 to 8.5.23, 8.0.45 to 8.0.47 and 7.0.79 to 7.0.82 included an updated description of the search algorit…
CVE-2017-1000504 unknown 4y ago Cross-Site Request Forgery in Jenkins
CVE-2017-1000399 unknown 4y ago Exposure of Sensitive Information to an Unauthorized Actor in Jenkins
CVE-2017-1000401 unknown 4y ago Improper Input Validation in Jenkins
CVE-2017-1000398 unknown 4y ago Exposure of Sensitive Information to an Unauthorized Actor in Jenkins
CVE-2017-1000396 unknown 4y ago Improper Certificate Validation in Jenkins