CVEs from 2017
Total
11,681
critical
critical 1,647
high
high 5,041
medium
medium 4,168
low
low 159
% Critical
14.1%
% with KEV
0.7%
% with exploit
9.8%
Top vendors
Top products
- imagemagick 1,426
- joomla\! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-7838 | critical | — | 9.5 | — | Punycode format text will be displayed for entire qualified international domain names in some instances when a sub-domain triggers the punycode display instead of the primary domain being displayed … | |||
| CVE-2017-12374 | critical | — | 9.5 | — | The ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device… | |||
| CVE-2017-7824 | critical | — | 9.5 | — | multiple issues in thunderbird | |||
| CVE-2017-7803 | critical | — | 9.5 | — | multiple issues in thunderbird | |||
| CVE-2017-5386 | critical | — | 9.5 | — | WebExtension scripts can use the "data:" protocol to affect pages loaded by other web extensions using this protocol, leading to potential data disclosure or privilege escalation in affected extensio… | |||
| CVE-2017-5436 | critical | — | 9.5 | — | An out-of-bounds write in the Graphite 2 library triggered with a maliciously crafted Graphite font. This results in a potentially exploitable crash. This issue was fixed in the Graphite 2 library as… | |||
| CVE-2017-7791 | critical | — | 9.5 | — | multiple issues in thunderbird | |||
| CVE-2017-7777 | critical | — | 9.5 | — | multiple issues in thunderbird | |||
| CVE-2017-12375 | critical | — | 9.5 | — | The ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device… | |||
| CVE-2017-5429 | critical | — | 9.5 | — | Memory safety bugs were reported in Firefox 52, Firefox ESR 45.8, Firefox ESR 52, and Thunderbird 52. Some of these bugs showed evidence of memory corruption and we presume that with enough effort th… | |||
| CVE-2017-5442 | critical | — | 9.5 | — | A use-after-free vulnerability during changes in style when manipulating DOM elements. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45… | |||
| CVE-2017-5438 | critical | — | 9.5 | — | A use-after-free vulnerability during XSLT processing due to the result handler being held by a freed handler during handling. This results in a potentially exploitable crash. This vulnerability affe… | |||
| CVE-2017-5439 | critical | — | 9.5 | — | A use-after-free vulnerability during XSLT processing due to poor handling of template parameters. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Fire… | |||
| CVE-2017-7789 | critical | — | 9.5 | — | If a server sends two Strict-Transport-Security (STS) headers for a single connection, they will be rejected as invalid and HTTP Strict Transport Security (HSTS) will not be enabled for the connectio… | |||
| CVE-2017-5430 | critical | — | 9.5 | — | Memory safety bugs were reported in Firefox 52, Firefox ESR 52, and Thunderbird 52. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these c… | |||
| CVE-2017-15417 | critical | — | 9.5 | — | multiple issues in chromium | |||
| CVE-2017-15398 | critical | — | 9.5 | — | arbitrary code execution in chromium | |||
| CVE-2017-5434 | critical | — | 9.5 | — | A use-after-free vulnerability occurs when redirecting focus handling which results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR … | |||
| CVE-2017-12380 | critical | — | 9.5 | — | ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. Th… | |||
| CVE-2017-7794 | critical | — | 9.5 | — | On Linux systems, if the content process is compromised, the sandbox broker will allow files to be truncated even though the sandbox explicitly only has read access to the local file system and no wr… | |||
| CVE-2017-15396 | critical | — | 9.5 | — | arbitrary code execution in chromium | |||
| CVE-2017-15425 | critical | — | 9.5 | — | multiple issues in chromium | |||
| CVE-2017-7798 | critical | — | 9.5 | — | The Developer Tools feature suffers from a XUL injection vulnerability due to improper sanitization of the web page source code. In the worst case, this could allow arbitrary code execution when open… | |||
| CVE-2017-15394 | critical | — | 9.5 | — | multiple issues in chromium | |||
| CVE-2017-5125 | critical | — | 9.5 | — | multiple issues in chromium | |||
| CVE-2017-7780 | critical | — | 9.5 | — | Memory safety bugs were reported in Firefox 54. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary c… | |||
| CVE-2017-5382 | critical | — | 9.5 | — | Feed preview for RSS feeds can be used to capture errors and exceptions generated by privileged content, allowing for the exposure of internal information not meant to be seen by web content. This vu… | |||
| CVE-2017-5128 | critical | — | 9.5 | — | multiple issues in chromium | |||
| CVE-2017-5467 | critical | — | 9.5 | — | A potential memory corruption and crash when using Skia content when drawing content outside of the bounds of a clipping region. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and… | |||
| CVE-2017-5414 | critical | — | 9.5 | — | The file picker dialog can choose and display the wrong local default directory when instantiated. On some operating systems, this can lead to information disclosure, such as the operating system or … | |||
| CVE-2017-15407 | critical | — | 9.5 | — | multiple issues in chromium | |||
| CVE-2017-15426 | critical | — | 9.5 | — | multiple issues in chromium | |||
| CVE-2017-7776 | critical | — | 9.5 | — | multiple issues in thunderbird | |||
| CVE-2017-7774 | critical | — | 9.5 | — | multiple issues in thunderbird | |||
| CVE-2017-7764 | critical | — | 9.5 | — | multiple issues in thunderbird | |||
| CVE-2017-7773 | critical | — | 9.5 | — | multiple issues in thunderbird | |||
| CVE-2017-7772 | critical | — | 9.5 | — | multiple issues in thunderbird | |||
| CVE-2017-7771 | critical | — | 9.5 | — | multiple issues in thunderbird | |||
| CVE-2017-7758 | critical | — | 9.5 | — | multiple issues in thunderbird | |||
| CVE-2017-7757 | critical | — | 9.5 | — | multiple issues in thunderbird | |||
| CVE-2017-15409 | critical | — | 9.5 | — | multiple issues in chromium | |||
| CVE-2017-5133 | critical | — | 9.5 | — | multiple issues in chromium | |||
| CVE-2017-5132 | critical | — | 9.5 | — | multiple issues in chromium | |||
| CVE-2017-15422 | critical | — | 9.5 | — | multiple issues in chromium | |||
| CVE-2017-15386 | critical | — | 9.5 | — | multiple issues in chromium | |||
| CVE-2017-15419 | critical | — | 9.5 | — | multiple issues in chromium | |||
| CVE-2017-5130 | critical | — | 9.5 | — | multiple issues in chromium | |||
| CVE-2017-5127 | critical | — | 9.5 | — | multiple issues in chromium | |||
| CVE-2017-15395 | critical | — | 9.5 | — | multiple issues in chromium | |||
| CVE-2017-15393 | critical | — | 9.5 | — | multiple issues in chromium | |||
| CVE-2017-7751 | critical | — | 9.5 | — | multiple issues in thunderbird | |||
| CVE-2017-7750 | critical | — | 9.5 | — | multiple issues in thunderbird | |||
| CVE-2017-5472 | critical | — | 9.5 | — | multiple issues in thunderbird | |||
| CVE-2017-5405 | critical | — | 9.5 | — | multiple issues in thunderbird | |||
| CVE-2017-5380 | critical | — | 9.5 | — | multiple issues in thunderbird | |||
| CVE-2017-5378 | critical | — | 9.5 | — | multiple issues in thunderbird | |||
| CVE-2017-5373 | critical | — | 9.5 | — | multiple issues in thunderbird | |||
| CVE-2017-15410 | critical | — | 9.5 | — | multiple issues in chromium | |||
| CVE-2017-7828 | critical | — | 9.5 | — | multiple issues in thunderbird | |||
| CVE-2017-7809 | critical | — | 9.5 | — | multiple issues in thunderbird | |||
| CVE-2017-7802 | critical | — | 9.5 | — | multiple issues in thunderbird | |||
| CVE-2017-7792 | critical | — | 9.5 | — | multiple issues in thunderbird | |||
| CVE-2017-7779 | critical | — | 9.5 | — | multiple issues in thunderbird | |||
| CVE-2017-5416 | critical | — | 9.5 | — | In certain circumstances a networking event listener can be prematurely released. This appears to result in a null dereference in practice. This vulnerability affects Firefox < 52 and Thunderbird < 5… | |||
| CVE-2017-7830 | critical | — | 9.5 | — | multiple issues in thunderbird | |||
| CVE-2017-7826 | critical | — | 9.5 | — | multiple issues in thunderbird | |||
| CVE-2017-7819 | critical | — | 9.5 | — | multiple issues in thunderbird | |||
| CVE-2017-7814 | critical | — | 9.5 | — | multiple issues in thunderbird | |||
| CVE-2017-7810 | critical | — | 9.5 | — | multiple issues in thunderbird | |||
| CVE-2017-7807 | critical | — | 9.5 | — | multiple issues in thunderbird | |||
| CVE-2017-7801 | critical | — | 9.5 | — | multiple issues in thunderbird | |||
| CVE-2017-7800 | critical | — | 9.5 | — | multiple issues in thunderbird | |||
| CVE-2017-7787 | critical | — | 9.5 | — | multiple issues in thunderbird | |||
| CVE-2017-7785 | critical | — | 9.5 | — | multiple issues in thunderbird | |||
| CVE-2017-7786 | critical | — | 9.5 | — | multiple issues in thunderbird | |||
| CVE-2017-7784 | critical | — | 9.5 | — | multiple issues in thunderbird | |||
| CVE-2017-7753 | critical | — | 9.5 | — | multiple issues in thunderbird | |||
| CVE-2017-7778 | critical | — | 9.5 | — | multiple issues in thunderbird | |||
| CVE-2017-7752 | critical | — | 9.5 | — | multiple issues in thunderbird | |||
| CVE-2017-7749 | critical | — | 9.5 | — | multiple issues in thunderbird | |||
| CVE-2017-5410 | critical | — | 9.5 | — | multiple issues in thunderbird | |||
| CVE-2017-5396 | critical | — | 9.5 | — | multiple issues in thunderbird | |||
| CVE-2017-5383 | critical | — | 9.5 | — | multiple issues in thunderbird | |||
| CVE-2017-7781 | critical | — | 9.5 | — | An error occurs in the elliptic curve point addition algorithm that uses mixed Jacobian-affine coordinates where it can yield a result "POINT_AT_INFINITY" when it should not. A man-in-the-middle atta… | |||
| CVE-2017-7797 | critical | — | 9.5 | — | Response header name interning does not have same-origin protections and these headers are stored in a global registry. This allows stored header names to be available cross-origin. This vulnerabilit… | |||
| CVE-2017-5126 | critical | — | 9.5 | — | multiple issues in chromium | |||
| CVE-2017-15399 | critical | — | 9.5 | — | arbitrary code execution in chromium | |||
| CVE-2017-15415 | critical | — | 9.5 | — | multiple issues in chromium | |||
| CVE-2017-5131 | critical | — | 9.5 | — | multiple issues in chromium | |||
| CVE-2017-15390 | critical | — | 9.5 | — | multiple issues in chromium | |||
| CVE-2017-15388 | critical | — | 9.5 | — | multiple issues in chromium | |||
| CVE-2017-7839 | critical | — | 9.5 | — | Control characters prepended before "javascript:" URLs pasted in the addressbar can cause the leading characters to be ignored and the pasted JavaScript to be executed instead of being blocked. This … | |||
| CVE-2017-7827 | critical | — | 9.5 | — | Memory safety bugs were reported in Firefox 56. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary c… | |||
| CVE-2017-7842 | critical | — | 9.5 | — | If a document's Referrer Policy attribute is set to "no-referrer" sometimes two network requests are made for "<link>" elements instead of one. One of these requests includes the referrer instead of … | |||
| CVE-2017-7831 | critical | — | 9.5 | — | A vulnerability where the security wrapper does not deny access to some exposed properties using the deprecated "_exposedProps_" mechanism on proxy objects. These properties should be explicitly unav… | |||
| CVE-2017-7833 | critical | — | 9.5 | — | Some Arabic and Indic vowel marker characters can be combined with Latin characters in a domain name to eclipse the non-Latin character with some font sets on the addressbar. The non-Latin character … | |||
| CVE-2017-7832 | critical | — | 9.5 | — | The combined, single character, version of the letter 'i' with any of the potential accents in unicode, such as acute or grave, can be spoofed in the addressbar by the dotless version of 'i' followed… | |||
| CVE-2017-7837 | critical | — | 9.5 | — | SVG loaded through "<img>" tags can use "<meta>" tags within the SVG data to set cookies for that page. This vulnerability affects Firefox < 57. | |||
| CVE-2017-7835 | critical | — | 9.5 | — | Mixed content blocking of insecure (HTTP) sub-resources in a secure (HTTPS) document was not correctly applied for resources that redirect from HTTPS to HTTP, allowing content that should be blocked,… | |||
| CVE-2017-7834 | critical | — | 9.5 | — | A "data:" URL loaded in a new tab did not inherit the Content Security Policy (CSP) of the original page, allowing for bypasses of the policy including the execution of JavaScript. In prior versions … |