CVEs from 2017
- Total: 11,660
- Critical: 1,647
- High: 5,041
- Medium: 4,168
- Low: 159
- % Critical: 14.1%
- % with KEV: 0.7%
- % with exploit: 9.8%
Top products
- imagemagick 1,426
- joomla! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-0813 | high | 7.5 | 7.5 | 9y ago | A denial of service vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-36531046. | |||
| CVE-2017-0808 | high | 7.5 | 7.5 | 9y ago | An information disclosure vulnerability in the Android framework (file system). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62301183. | |||
| CVE-2017-8018 | high | 7.5 | 7.5 | 9y ago | EMC AppSync host plug-in versions 3.5 and below (Windows platform only) includes a denial of service (DoS) vulnerability that could potentially be exploited by malicious users to compromise the affec… | |||
| CVE-2017-1569 | high | 7.5 | 7.5 | 9y ago | IBM WebSphere Commerce 7.0 and 8.0 contains an unspecified vulnerability in Marketing ESpot's that could cause a denial of service. IBM X-Force ID: 131779. | |||
| CVE-2017-14979 | high | 7.5 | 7.5 | 9y ago | Gxlcms uses an unsafe character-replacement approach in an attempt to restrict access, which allows remote attackers to read arbitrary files via modified pathnames in the s parameter to index.php, re… | |||
| CVE-2017-13704 | high | 7.5 | 7.5 | 9y ago | In dnsmasq before 2.78, if the DNS packet size does not match the expected size, the size parameter in a memset call gets a negative value. As it is an unsigned value, memset ends up writing up to 0x… | |||
| CVE-2017-11498 | high | 7.5 | 7.5 | 9y ago | Buffer overflow in hasplms in Gemalto ACC (Admin Control Center), all versions ranging from HASP SRM 2.10 to Sentinel LDK 7.50, allows remote attackers to shut down the remote process (a denial of se… | |||
| CVE-2017-14977 | high | 7.5 | 7.5 | 9y ago | The FoFiTrueType::getCFFBlock function in FoFiTrueType.cc in Poppler 0.59.0 has a NULL pointer dereference vulnerability due to lack of validation of a table pointer, which allows an attacker to laun… | |||
| CVE-2017-14976 | high | 7.5 | 7.5 | 9y ago | The FoFiType1C::convertToType0 function in FoFiType1C.cc in Poppler 0.59.0 has a heap-based buffer over-read vulnerability if an out-of-bounds font dictionary index is encountered, which allows an at… | |||
| CVE-2017-14975 | high | 7.5 | 7.5 | 9y ago | The FoFiType1C::convertToType0 function in FoFiType1C.cc in Poppler 0.59.0 has a NULL pointer dereference vulnerability because a data structure is not initialized, which allows an attacker to launch… | |||
| CVE-2017-14797 | high | 7.5 | 7.5 | 9y ago | Lack of Transport Encryption in the public API in Philips Hue Bridge BSB002 SW 1707040932 allows remote attackers to read API keys (and consequently bypass the pushlink protection mechanism, and obta… | |||
| CVE-2017-14944 | high | 7.5 | 7.5 | 9y ago | Inedo ProGet before 4.7.14 does not properly address dangerous package IDs during package addition, aka PG-1060. | |||
| CVE-2017-14935 | high | 7.5 | 7.5 | 9y ago | Pulse Secure Pulse One On-Premise 2.0.1649 and below does not properly validate requests, which allows remote users to query and obtain sensitive information. | |||
| CVE-2017-14929 | high | 7.5 | 7.5 | 9y ago | In Poppler 0.59.0, memory corruption occurs in a call to Object::dictLookup() in Object.h after a repeating series of Gfx::display, Gfx::go, Gfx::execOp, Gfx::opFill, Gfx::doPatternFill, Gfx::doTilin… | |||
| CVE-2017-9790 | high | 7.5 | 7.5 | 9y ago | Use after free in Apache Mesos | |||
| CVE-2017-7687 | high | 7.5 | 7.5 | 9y ago | Denial of service in Apache Mesos | |||
| CVE-2017-2551 | high | 7.5 | 7.5 | 9y ago | Vulnerability in Wordpress plugin BackWPup before v3.4.2 allows possible brute forcing of backup file for download. | |||
| CVE-2017-1577 | high | 7.5 | 7.5 | 9y ago | IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences … | |||
| CVE-2017-14849 | high | 7.5 | 7.5 | 9y ago | Node.js 8.5.0 before 8.6.0 allows remote attackers to access unintended files, because a change to ".." handling was incompatible with the pathname validation used by unspecified community modules. | |||
| CVE-2017-14841 | medium | 6.5 | 7.5 | 9y ago | Mojoomla Annual Maintenance Contract (AMC) Management System allows Arbitrary File Upload in profilesetting image handling. | |||
| CVE-2017-14766 | high | 7.5 | 7.5 | 9y ago | The Simple Student Result plugin before 1.6.4 for WordPress has an Authentication Bypass vulnerability because the fn_ssr_add_st_submit() function and fn_ssr_del_st_submit() function in functions.php… | |||
| CVE-2017-14739 | high | 7.5 | 7.5 | 9y ago | The AcquireResampleFilterThreadSet function in magick/resample-private.h in ImageMagick 7.0.7-4 mishandles failed memory allocation, which allows remote attackers to cause a denial of service (NULL P… | |||
| CVE-2017-9962 | high | 7.5 | 7.5 | 9y ago | Schneider Electric's ClearSCADA versions released prior to August 2017 are susceptible to a memory allocation vulnerability, whereby malformed requests can be sent to ClearSCADA client applications t… | |||
| CVE-2017-14727 | high | 7.5 | 7.5 | 9y ago | denial of service in weechat | |||
| CVE-2017-14722 | high | 7.5 | 7.5 | 9y ago | Before version 4.8.2, WordPress allowed a Directory Traversal attack in the Customizer component via a crafted theme filename. | |||
| CVE-2017-14719 | high | 7.5 | 7.5 | 9y ago | Before version 4.8.2, WordPress was vulnerable to a directory traversal attack during unzip operations in the ZipArchive and PclZip components. | |||
| CVE-2017-9281 | high | 7.5 | 7.5 | 9y ago | An integer overflow (CWE-190) potentially causing an out-of-bounds read (CWE-125) vulnerability in Micro Focus VisiBroker 8.5 can lead to a denial of service. | |||
| CVE-2017-14646 | high | 7.5 | 7.5 | 9y ago | The AP4_AvccAtom and AP4_HvccAtom classes in Bento4 version 1.5.0-617 do not properly validate data sizes, leading to a heap-based buffer over-read and application crash in AP4_DataBuffer::SetData in… | |||
| CVE-2017-14629 | high | 7.5 | 7.5 | 9y ago | In sam2p 0.49.3, the in_xpm_reader function in in_xpm.cpp has an integer signedness error, leading to a crash when writing to an out-of-bounds array element. | |||
| CVE-2017-12219 | high | 7.5 | 7.5 | 9y ago | A vulnerability in the handling of IP fragments for the Cisco Small Business SPA300, SPA500, and SPA51x Series IP Phones could allow an unauthenticated, remote attacker to cause the device to reload … | |||
| CVE-2017-14616 | high | 7.5 | 7.5 | 9y ago | An FBX-5312 issue was discovered in WatchGuard Fireware before 12.0. If a login attempt is made in the XML-RPC interface with an XML message containing an empty member element, the wgagent crashes, l… | |||
| CVE-2017-9804 | high | 7.5 | 7.5 | 9y ago | Apache Struts allows entering a custom URL in a form field if built-in URLValidator is used | |||
| CVE-2017-9793 | high | 7.5 | 7.5 | 9y ago | The REST Plugin in Apache Struts is using an outdated XStream library | |||
| CVE-2017-14339 | high | 7.5 | 7.5 | 9y ago | The DNS packet parser in YADIFA before 2.2.6 does not check for the presence of infinite pointer loops, and thus it is possible to force it to enter an infinite loop. This can cause high CPU usage an… | |||
| CVE-2017-12837 | high | 7.5 | 7.5 | 9y ago | Heap-based buffer overflow in the S_regatom function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to cause a denial of service (out-of-bounds write) v… | |||
| CVE-2017-14581 | high | 7.5 | 7.5 | 9y ago | The Host Control web service in SAP NetWeaver AS JAVA 7.0 through 7.5 allows remote attackers to cause a denial of service (service crash) via a crafted request, aka SAP Security Note 2389181. | |||
| CVE-2017-10931 | high | 7.5 | 7.5 | 9y ago | The ZXR10 1800-2S before v3.00.40 incorrectly restricts the download of the file directory range for WEB users, resulting in the ability to download any files and cause information leaks such as syst… | |||
| CVE-2017-12616 | high | 7.5 | 7.5 | 9y ago | Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat | |||
| CVE-2017-9050 | high | 7.5 | 7.5 | 9y ago | Out-of-bounds read in nokogiri | |||
| CVE-2017-9803 | high | 7.5 | 7.5 | 9y ago | Apache Solr Kerberos delegation token functionality flaws | |||
| CVE-2017-14519 | high | 7.5 | 7.5 | 9y ago | In Poppler 0.59.0, memory corruption occurs in a call to Object::streamGetChar in Object.h after a repeating series of Gfx::display, Gfx::go, Gfx::execOp, Gfx::opShowText, and Gfx::doShowText calls (… | |||
| CVE-2017-14515 | high | 7.5 | 7.5 | 9y ago | Heap-based Buffer Overflow on Tenda W15E devices before 15.11.0.14 allows remote attackers to cause a denial of service (temporary HTTP outage and forced logout) via unspecified vectors. | |||
| CVE-2017-14514 | high | 7.5 | 7.5 | 9y ago | Directory Traversal on Tenda W15E devices before 15.11.0.14 allows remote attackers to read unencrypted files via a crafted URL. | |||
| CVE-2017-14511 | high | 7.5 | 7.5 | 9y ago | An issue was discovered in SAP E-Recruiting (aka ERECRUIT) 605 through 617. When an external applicant registers to the E-Recruiting application, he/she receives a link by email to confirm access to … | |||
| CVE-2017-14502 | high | 7.5 | 7.5 | 9y ago | RHEA-2021:1580: libarchive bug fix and enhancement update (Moderate) | |||
| CVE-2017-2299 | high | 7.5 | 7.5 | 9y ago | Versions of the puppetlabs-apache module prior to 1.11.1 and 2.1.0 make it very easy to accidentally misconfigure TLS trust. If you specify the `ssl_ca` parameter but do not specify the `ssl_certs_di… | |||
| CVE-2017-10846 | high | 7.5 | 7.5 | 9y ago | Wi-Fi STATION L-02F Software version V10b and earlier allows remote attackers to bypass access restrictions to obtain information on device settings via unspecified vectors. | |||
| CVE-2017-0785 | medium | 6.5 | 7.5 | 9y ago | An information disclosure vulnerability in the Android system (bluetooth). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63146698. | |||
| CVE-2017-1002151 | high | 7.5 | 7.5 | 9y ago | Pagure 3.3.0 and earlier is vulnerable to loss of confidentiality due to improper authorization | |||
| CVE-2017-1002007 | high | 7.5 | 7.5 | 9y ago | Vulnerability in wordpress plugin DTracker v1.5, The code dtracker/save_mail.php doesn't check that the user is authorized before injecting new contacts into the wp_contact table. | |||
| CVE-2017-1002006 | high | 7.5 | 7.5 | 9y ago | Vulnerability in wordpress plugin DTracker v1.5, The code dtracker/save_contact.php doesn't check that the user is authorized before injecting new contacts into the wp_contact table. | |||
| CVE-2017-1002005 | high | 7.5 | 7.5 | 9y ago | Vulnerability in wordpress plugin DTracker v1.5, In file ./dtracker/delete.php user input isn't sanitized via the contact_id variable before adding it to the end of an SQL query. | |||
| CVE-2017-1002004 | high | 7.5 | 7.5 | 9y ago | Vulnerability in wordpress plugin DTracker v1.5, In file ./dtracker/download.php user input isn't sanitized via the id variable before adding it to the end of an SQL query. | |||
| CVE-2017-12989 | high | 7.5 | 7.5 | 9y ago | The RESP parser in tcpdump before 4.9.2 could enter an infinite loop due to a bug in print-resp.c:resp_get_length(). | |||
| CVE-2017-7561 | high | 7.5 | 7.5 | 9y ago | Inconsistent Interpretation of HTTP Requests in Red Hat JBoss EAP | |||
| CVE-2017-14430 | high | 7.5 | 7.5 | 9y ago | D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices allow remote attackers to cause a denial of service (daemon crash) via craft… | |||
| CVE-2017-14423 | high | 7.5 | 7.5 | 9y ago | htdocs/parentalcontrols/bind.php on D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices does not prevent unauthenticated nonce-guessing attacks, which makes it easier for rem… | |||
| CVE-2017-14422 | high | 7.5 | 7.5 | 9y ago | D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices use the same hardcoded /etc/stunnel.key private key across different custome… | |||
| CVE-2017-14404 | high | 7.5 | 7.5 | 9y ago | The EyesOfNetwork web interface (aka eonweb) 5.1-0 allows local file inclusion via the tool_list parameter (aka the url_tool variable) to module/tool_all/select_tool.php, as demonstrated by a tool_li… | |||
| CVE-2017-8757 | high | 7.5 | 7.5 | 9y ago | Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way Microsoft Edge h… | |||
| CVE-2017-8756 | high | 7.5 | 7.5 | 9y ago | Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Microsoft E… | |||
| CVE-2017-8753 | high | 7.5 | 7.5 | 9y ago | Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that the Microso… | |||
| CVE-2017-8752 | high | 7.5 | 7.5 | 9y ago | Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that the Microsoft Edg… | |||
| CVE-2017-8750 | high | 7.5 | 7.5 | 9y ago | Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 16… | |||
| CVE-2017-8749 | high | 7.5 | 7.5 | 9y ago | Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 201… | |||
| CVE-2017-8748 | high | 7.5 | 7.5 | 9y ago | Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 16… | |||
| CVE-2017-8747 | high | 7.5 | 7.5 | 9y ago | Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows… | |||
| CVE-2017-8741 | high | 7.5 | 7.5 | 9y ago | Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Internet Explorer and Microsoft Edge in Windows 10 Go… | |||
| CVE-2017-8738 | high | 7.5 | 7.5 | 9y ago | Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that the Microsoft Edg… | |||
| CVE-2017-8737 | high | 7.5 | 7.5 | 9y ago | Microsoft Windows PDF Library in Microsoft Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitra… | |||
| CVE-2017-8728 | high | 7.5 | 7.5 | 9y ago | Microsoft Windows PDF Library in Microsoft Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitra… | |||
| CVE-2017-8696 | high | 7.5 | 7.5 | 9y ago | Windows Uniscribe in Microsoft Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Office 2007 SP3; Office 2010 SP2; Word Viewer; Office for Mac 2011 and 2016; Skype for Business 2016; Lync 2013 SP1; … | |||
| CVE-2017-8692 | high | 7.5 | 7.5 | 9y ago | The Windows Uniscribe component on Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows remote code execution … | |||
| CVE-2017-8649 | high | 7.5 | 7.5 | 9y ago | Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Microsoft browser JavaS… | |||
| CVE-2017-11766 | high | 7.5 | 7.5 | 9y ago | Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Microsoft E… | |||
| CVE-2017-1162 | high | 7.5 | 7.5 | 9y ago | IBM QRadar 7.2 and 7.3 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 122957. | |||
| CVE-2017-14315 | high | 7.5 | 7.5 | 9y ago | In Apple iOS 7 through 9, due to a BlueBorne flaw in the implementation of LEAP (Low Energy Audio Protocol), a large audio command can be sent to a targeted device and lead to a heap overflow with at… | |||
| CVE-2017-14240 | high | 7.5 | 7.5 | 9y ago | Dolibarr ERP and CRM Sensitive Data Disclosure | |||
| CVE-2017-14229 | high | 7.5 | 7.5 | 9y ago | There is an infinite loop in the jpc_dec_tileinit function in jpc/jpc_dec.c of Jasper 2.0.13. It will lead to a remote denial of service attack. | |||
| CVE-2017-14227 | high | 7.5 | 7.5 | 9y ago | In MongoDB libbson 1.7.0, the bson_iter_codewscope function in bson-iter.c miscalculates a bson_utf8_validate length argument, which allows remote attackers to cause a denial of service (heap-based b… | |||
| CVE-2017-14226 | high | 7.5 | 7.5 | 9y ago | WP1StylesListener.cpp, WP5StylesListener.cpp, and WP42StylesListener.cpp in libwpd 0.10.1 mishandle iterators, which allows remote attackers to cause a denial of service (heap-based buffer over-read … | |||
| CVE-2017-2550 | high | 7.5 | 7.5 | 9y ago | Vulnerability in Easy Joomla Backup v3.2.4. The software creates a copy of the backup in the web root with an easily guessable filename. | |||
| CVE-2017-6791 | high | 7.5 | 7.5 | 9y ago | A vulnerability in the Trust Verification Service (TVS) of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affe… | |||
| CVE-2017-6780 | high | 7.5 | 7.5 | 9y ago | A vulnerability in the TCP throttling process for Cisco IoT Field Network Director (IoT-FND) could allow an unauthenticated, remote attacker to cause the system to consume additional memory, eventual… | |||
| CVE-2017-6631 | high | 7.5 | 7.5 | 9y ago | A vulnerability in the HTTP remote procedure call (RPC) service of set-top box (STB) receivers manufactured by Cisco for Yes could allow an unauthenticated, remote attacker to cause a denial of servi… | |||
| CVE-2017-6362 | high | 7.5 | 7.5 | 9y ago | Double free vulnerability in the gdImagePngPtr function in libgd2 before 2.2.5 allows remote attackers to cause a denial of service via vectors related to a palette with no colors. | |||
| CVE-2017-1491 | high | 7.5 | 7.5 | 9y ago | IBM QRadar Network Security 5.4 supports interaction between multiple actors and allows those actors to negotiate which algorithm should be used as a protection mechanism such as encryption or authen… | |||
| CVE-2017-1130 | medium | 6.5 | 7.5 | 9y ago | IBM Notes 8.5 and 9.0 is vulnerable to a denial of service. If a user is persuaded to click on a malicious link, it would open up many file select dialog boxes which would cause the client hang and h… | |||
| CVE-2017-1129 | medium | 6.5 | 7.5 | 9y ago | IBM Notes 8.5 and 9.0 is vulnerable to a denial of service. If a user is persuaded to click on a malicious link, it could cause the Notes client to hang and have to be restarted. IBM X-Force ID: 1213… | |||
| CVE-2017-14158 | high | 7.5 | 7.5 | 9y ago | Scrapy 1.4 allows remote attackers to cause a denial of service (memory consumption) via large files because arbitrarily many files are read into memory, which is especially problematic if the files … | |||
| CVE-2017-14149 | high | 7.5 | 7.5 | 9y ago | GoAhead 3.4.0 through 3.6.5 has a NULL Pointer Dereference in the websDecodeUrl function in http.c, leading to a crash for a "POST / HTTP/1.1" request. | |||
| CVE-2017-14137 | high | 7.5 | 7.5 | 9y ago | ReadWEBPImage in coders/webp.c in ImageMagick 7.0.6-5 has an issue where memory allocation is excessive because it depends only on a length field in a header. | |||
| CVE-2017-14120 | high | 7.5 | 7.5 | 9y ago | unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a directory traversal vulnerability for RAR v2 archives: pathnames of the form ../[filename] are unpacked into the upper directory. | |||
| CVE-2017-14099 | high | 7.5 | 7.5 | 9y ago | In res/res_rtp_asterisk.c in Asterisk 11.x before 11.25.2, 13.x before 13.17.1, and 14.x before 14.6.1 and Certified Asterisk 11.x before 11.6-cert17 and 13.x before 13.13-cert5, unauthorized data di… | |||
| CVE-2017-14098 | high | 7.5 | 7.5 | 9y ago | In the pjsip channel driver (res_pjsip) in Asterisk 13.x before 13.17.1 and 14.x before 14.6.1, a carefully crafted tel URI in a From, To, or Contact header could cause Asterisk to crash. | |||
| CVE-2017-14053 | high | 7.5 | 7.5 | 9y ago | NetApp OnCommand Unified Manager for Clustered Data ONTAP before 7.2P1 does not set the secure flag for an unspecified cookie in an HTTPS session, which makes it easier for remote attackers to captur… | |||
| CVE-2017-12874 | high | 7.5 | 7.5 | 9y ago | The InfoCard module 1.0 for SimpleSAMLphp allows attackers to spoof XML messages by leveraging an incorrect check of return values in signature validation utilities. | |||
| CVE-2017-13711 | high | 7.5 | 7.5 | 9y ago | Use-after-free vulnerability in the sofree function in slirp/socket.c in QEMU (aka Quick Emulator) allows attackers to cause a denial of service (QEMU instance crash) by leveraging failure to properl… | |||
| CVE-2017-12869 | high | 7.5 | 7.5 | 9y ago | The multiauth module in SimpleSAMLphp 1.14.13 and earlier allows remote attackers to bypass authentication context restrictions and use an authentication source defined in config/authsources.php via … | |||
| CVE-2017-14063 | high | 7.5 | 7.5 | 9y ago | Improper Input Validation in async-http-client |