CVEs from 2017
- Total: 11,615
- Critical: 1,650
- High: 5,043
- Medium: 4,169
- Low: 159
- % Critical: 14.2%
- % with KEV: 0.7%
- % with exploit: 9.9%
Top vendors
Top products
- imagemagick 1,426
- joomla! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-6544 | medium | 6.1 | 6.1 | 9y ago | Gargaj/wuhu through 2017-03-08 is vulnerable to a reflected XSS in wuhu-master/www_admin/users.php (id parameter). | |||
| CVE-2017-6541 | medium | 6.1 | 6.1 | 9y ago | Multiple Cross-Site Scripting (XSS) issues were discovered in webpagetest 3.0. The vulnerabilities exist due to insufficient filtration of user-supplied data (benchmark, time) passed to the webpagete… | |||
| CVE-2017-6540 | medium | 6.1 | 6.1 | 9y ago | Multiple Cross-Site Scripting (XSS) issues were discovered in webpagetest 3.0. The vulnerabilities exist due to insufficient filtration of user-supplied data (configs) passed to the webpagetest-maste… | |||
| CVE-2017-6539 | medium | 6.1 | 6.1 | 9y ago | Multiple Cross-Site Scripting (XSS) issues were discovered in webpagetest 3.0. The vulnerabilities exist due to insufficient filtration of user-supplied data (benchmark, time) passed to the webpagete… | |||
| CVE-2017-6538 | medium | 6.1 | 6.1 | 9y ago | A Cross-Site Scripting (XSS) issue was discovered in webpagetest 3.0. The vulnerability exists due to insufficient filtration of user-supplied data (video) passed to the webpagetest-master/www/speedi… | |||
| CVE-2017-6537 | medium | 6.1 | 6.1 | 9y ago | A Cross-Site Scripting (XSS) issue was discovered in webpagetest 3.0. The vulnerability exists due to insufficient filtration of user-supplied data (bgcolor) passed to the webpagetest-master/www/vide… | |||
| CVE-2017-6536 | medium | 6.1 | 6.1 | 9y ago | Multiple Cross-Site Scripting (XSS) issues were discovered in webpagetest 3.0. The vulnerabilities exist due to insufficient filtration of user-supplied data (url, pssid) passed to the webpagetest-ma… | |||
| CVE-2017-6535 | medium | 6.1 | 6.1 | 9y ago | Multiple Cross-Site Scripting (XSS) issues were discovered in webpagetest 3.0. The vulnerabilities exist due to insufficient filtration of user-supplied data (benchmark, url) passed to the webpagetes… | |||
| CVE-2017-6534 | medium | 6.1 | 6.1 | 9y ago | A Cross-Site Scripting (XSS) issue was discovered in webpagetest 3.0. The vulnerability exists due to insufficient filtration of user-supplied data (pssid) passed to the webpagetest-master/www/pss.ph… | |||
| CVE-2017-6533 | medium | 6.1 | 6.1 | 9y ago | A Cross-Site Scripting (XSS) issue was discovered in webpagetest 3.0. The vulnerability exists due to insufficient filtration of user-supplied data (benchmark) passed to the webpagetest-master/www/be… | |||
| CVE-2017-6518 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in /sanadata/seo/index.asp in SANADATA SanaCMS 7.3 allows remote attackers to inject arbitrary web script or HTML via the txtFrom parameter. | |||
| CVE-2017-6511 | medium | 6.1 | 6.1 | 9y ago | andrzuk/FineCMS before 2017-03-06 is vulnerable to a reflected XSS in index.php because of missing validation of the action parameter in application/classes/application.php. | |||
| CVE-2017-6509 | medium | 6.1 | 6.1 | 9y ago | Smith0r/burgundy-cms before 2017-03-06 is vulnerable to a reflected XSS in admin/components/menu/views/menuitems.php (id parameter). | |||
| CVE-2017-6508 | medium | 6.1 | 6.1 | 9y ago | CRLF injection vulnerability in the url_parse function in url.c in Wget through 1.19.1 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in the host subcomponent of a URL. | |||
| CVE-2017-5197 | medium | 6.1 | 6.1 | 9y ago | Silverstripe CMS XSS Vulnerability | |||
| CVE-2017-6504 | medium | 6.1 | 6.1 | 9y ago | WebUI in qBittorrent before 3.3.11 did not set the X-Frame-Options header, which could potentially lead to clickjacking. | |||
| CVE-2017-6503 | medium | 6.1 | 6.1 | 9y ago | WebUI in qBittorrent before 3.3.11 did not escape many values, which could potentially lead to XSS. | |||
| CVE-2017-6446 | medium | 6.1 | 6.1 | 9y ago | XSS was discovered in Dotclear v2.11.2, affecting admin/blogs.php and admin/users.php with the sortby and order parameters. | |||
| CVE-2017-6491 | medium | 6.1 | 6.1 | 9y ago | Multiple Cross-Site Scripting (XSS) issues were discovered in EPESI 1.8.1.1. The vulnerabilities exist due to insufficient filtration of user-supplied data (tooltip_id, callback, args, cid) passed to… | |||
| CVE-2017-6490 | medium | 6.1 | 6.1 | 9y ago | Multiple Cross-Site Scripting (XSS) issues were discovered in EPESI 1.8.1.1. The vulnerabilities exist due to insufficient filtration of user-supplied data (cid, value, element, mode, tab, form_name,… | |||
| CVE-2017-6489 | medium | 6.1 | 6.1 | 9y ago | Multiple Cross-Site Scripting (XSS) issues were discovered in EPESI 1.8.1.1. The vulnerabilities exist due to insufficient filtration of user-supplied data (element, state, cat, id, cid) passed to th… | |||
| CVE-2017-6488 | medium | 6.1 | 6.1 | 9y ago | Multiple Cross-Site Scripting (XSS) issues were discovered in EPESI 1.8.1.1. The vulnerabilities exist due to insufficient filtration of user-supplied data (visible, tab, cid) passed to the EPESI-mas… | |||
| CVE-2017-6487 | medium | 6.1 | 6.1 | 9y ago | Multiple Cross-Site Scripting (XSS) issues were discovered in EPESI 1.8.1.1. The vulnerabilities exist due to insufficient filtration of user-supplied data (state, element, id, tab, cid) passed to th… | |||
| CVE-2017-6486 | medium | 6.1 | 6.1 | 9y ago | A Cross-Site Scripting (XSS) issue was discovered in reasoncms before 4.7.1. The vulnerability exists due to insufficient filtration of user-supplied data (nyroModalSel) passed to the "reasoncms-mast… | |||
| CVE-2017-6485 | medium | 6.1 | 6.1 | 9y ago | A Cross-Site Scripting (XSS) issue was discovered in php-calendar before 2017-03-03. The vulnerability exists due to insufficient filtration of user-supplied data (errorMsg) passed to the "php-calend… | |||
| CVE-2017-6484 | medium | 6.1 | 6.1 | 9y ago | INTER-Mediator Cross-Site Scripting (XSS) | |||
| CVE-2017-6483 | medium | 6.1 | 6.1 | 9y ago | Multiple Cross-Site Scripting (XSS) issues were discovered in ATutor 2.2.2. The vulnerabilities exist due to insufficient filtration of user-supplied data passed to several pages (lang_code in themes… | |||
| CVE-2017-6481 | medium | 6.1 | 6.1 | 9y ago | Multiple Cross-Site Scripting (XSS) issues were discovered in phpipam 1.2. The vulnerabilities exist due to insufficient filtration of user-supplied data passed to several pages (instructions in app/… | |||
| CVE-2017-6480 | medium | 6.1 | 6.1 | 9y ago | groovel/cmsgroovel before 3.3.7-beta is vulnerable to a reflected XSS in commons/browser.php (path parameter). | |||
| CVE-2017-6479 | medium | 6.1 | 6.1 | 9y ago | FenixHosting/fenix-open-source before 2017-03-04 is vulnerable to a reflected XSS in forums/search.php (search-by-topic parameter). | |||
| CVE-2017-5833 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in the invocation code generation for interstitial zones in Revive Adserver before 4.0.1 allows remote attackers to inject arbitrary web script or HTML via un… | |||
| CVE-2017-5616 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in cgiemail and cgiecho allows remote attackers to inject arbitrary web script or HTML via the addendum parameter. | |||
| CVE-2017-5615 | medium | 6.1 | 6.1 | 9y ago | cgiemail and cgiecho allow remote attackers to inject HTTP headers via a newline character in the redirect location. | |||
| CVE-2017-5614 | medium | 6.1 | 6.1 | 9y ago | Open redirect vulnerability in cgiemail and cgiecho allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving the (1) success or (2) failure … | |||
| CVE-2017-5571 | medium | 6.1 | 6.1 | 9y ago | Open redirect vulnerability in the lmadmin component in Flexera FlexNet Publisher (aka Flex License Manager) 11.14.1 and earlier, as used in Citrix License Server for Windows and the Citrix License S… | |||
| CVE-2017-6103 | medium | 6.1 | 6.1 | 9y ago | Persistent XSS Vulnerability in WordPress plugin AnyVar v0.1.1. | |||
| CVE-2017-6102 | medium | 6.1 | 6.1 | 9y ago | Persistent XSS in WordPress plugin rockhoist-badges v1.2.2. | |||
| CVE-2017-6397 | medium | 6.1 | 6.1 | 9y ago | An issue was discovered in FlightAirMap v1.0-beta.10. The vulnerability exists due to insufficient filtration of user-supplied data in multiple parameters passed to several *-sub-menu.php pages. An a… | |||
| CVE-2017-6396 | medium | 6.1 | 6.1 | 9y ago | An issue was discovered in WPO-Foundation WebPageTest 3.0. The vulnerability exists due to insufficient filtration of user-supplied data passed to the "webpagetest-master/www/compare-cf.php" URL. An … | |||
| CVE-2017-6395 | medium | 6.1 | 6.1 | 9y ago | An issue was discovered in HashOver 2.0. The vulnerability exists due to insufficient filtration of user-supplied data passed to the 'hashover/scripts/widget-output.php' URL. An attacker could execut… | |||
| CVE-2017-6394 | medium | 6.1 | 6.1 | 9y ago | Multiple Cross-Site Scripting (XSS) issues were discovered in OpenEMR 5.0.0 and 5.0.1-dev. The vulnerabilities exist due to insufficient filtration of user-supplied data passed to the "openemr-master… | |||
| CVE-2017-6393 | medium | 6.1 | 6.1 | 9y ago | An issue was discovered in NagVis 1.9b12. The vulnerability exists due to insufficient filtration of user-supplied data passed to the "nagvis-master/share/userfiles/gadgets/std_table.php" URL. An att… | |||
| CVE-2017-6392 | medium | 6.1 | 6.1 | 9y ago | An issue was discovered in Kaltura server Lynx-12.11.0. The vulnerability exists due to insufficient filtration of user-supplied data passed to the "server-Lynx-12.11.0/admin_console/web/tools/XmlJWP… | |||
| CVE-2017-6391 | medium | 6.1 | 6.1 | 9y ago | An issue was discovered in Kaltura server Lynx-12.11.0. The vulnerability exists due to insufficient filtration of user-supplied data passed to the "admin_console/web/tools/SimpleJWPlayer.php" URL, t… | |||
| CVE-2017-6390 | medium | 6.1 | 6.1 | 9y ago | An issue was discovered in whatanime.ga before c334dd8499a681587dd4199e90b0aa0eba814c1d. The vulnerability exists due to insufficient filtration of user-supplied data passed to the "whatanime.ga-mast… | |||
| CVE-2017-6099 | medium | 6.1 | 6.1 | 9y ago | PayPal PHP Merchant SDK Cross-site scripting (XSS) vulnerability | |||
| CVE-2017-3845 | medium | 6.1 | 6.1 | 9y ago | A vulnerability in the web-based management interface of Cisco Prime Collaboration Assurance could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a u… | |||
| CVE-2017-3840 | medium | 6.1 | 6.1 | 9y ago | A vulnerability in the web interface of the Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to redirect a user to a malicious web page, aka an Open Redirect V… | |||
| CVE-2017-3838 | medium | 6.1 | 6.1 | 9y ago | A vulnerability in Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to conduct a DOM-based cross-site scripting (XSS) attack against the user of the web interf… | |||
| CVE-2017-3833 | medium | 6.1 | 6.1 | 9y ago | A vulnerability in the web framework of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web i… | |||
| CVE-2017-3829 | medium | 6.1 | 6.1 | 9y ago | A vulnerability in the web-based management interface of Cisco Unified Communications Manager Switches could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack a… | |||
| CVE-2017-3828 | medium | 6.1 | 6.1 | 9y ago | A vulnerability in the web-based management interface of Cisco Unified Communications Manager Switches could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack a… | |||
| CVE-2017-3821 | medium | 6.1 | 6.1 | 9y ago | A vulnerability in the serviceability page of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct reflected cross-site scripting (XSS) attacks. More Inform… | |||
| CVE-2017-5020 | medium | 6.1 | 6.1 | 9y ago | multiple issues in chromium | |||
| CVE-2017-5018 | medium | 6.1 | 6.1 | 9y ago | multiple issues in chromium | |||
| CVE-2017-5010 | medium | 6.1 | 6.1 | 9y ago | multiple issues in chromium | |||
| CVE-2017-5008 | medium | 6.1 | 6.1 | 9y ago | multiple issues in chromium | |||
| CVE-2017-5007 | medium | 6.1 | 6.1 | 9y ago | multiple issues in chromium | |||
| CVE-2017-5006 | medium | 6.1 | 6.1 | 9y ago | multiple issues in chromium | |||
| CVE-2017-5990 | medium | 6.1 | 6.1 | 9y ago | An issue was discovered in PhreeBooksERP before 2017-02-13. The vulnerability exists due to insufficient filtration of user-supplied data in the "form" HTTP GET parameter passed to the "PhreeBooksERP… | |||
| CVE-2017-2969 | medium | 6.1 | 6.1 | 9y ago | Adobe Campaign versions 16.4 Build 8724 and earlier have a cross-site scripting (XSS) vulnerability. | |||
| CVE-2017-5164 | medium | 6.1 | 6.1 | 9y ago | An issue was discovered in BINOM3 Universal Multifunctional Electric Power Quality Meter. Input sent from a malicious client is not properly verified by the server. An attacker can execute arbitrary … | |||
| CVE-2017-5157 | medium | 6.1 | 6.1 | 9y ago | An issue was discovered in Schneider Electric homeLYnk Controller, LSS100100, all versions prior to V1.5.0. The homeLYnk controller is susceptible to a cross-site scripting attack. User inputs can be… | |||
| CVE-2017-5964 | medium | 6.1 | 6.1 | 9y ago | An issue was discovered in Emoncms through 9.8.0. The vulnerability exists due to insufficient filtration of user-supplied data in multiple HTTP GET parameters passed to the "emoncms-master/Modules/v… | |||
| CVE-2017-5963 | medium | 6.1 | 6.1 | 9y ago | An issue was discovered in caddy (for TYPO3) before 7.2.10. The vulnerability exists due to insufficient filtration of user-supplied data in the "paymillToken" HTTP POST parameter passed to the "cadd… | |||
| CVE-2017-5962 | medium | 6.1 | 6.1 | 9y ago | An issue was discovered in contexts_wurfl (for TYPO3) before 0.4.2. The vulnerability exists due to insufficient filtration of user-supplied data in the "force_ua" HTTP GET parameter passed to the "/… | |||
| CVE-2017-5961 | medium | 6.1 | 6.1 | 9y ago | An issue was discovered in ionize through 1.0.8. The vulnerability exists due to insufficient filtration of user-supplied data in the "path" HTTP GET parameter passed to the "ionize-master/themes/adm… | |||
| CVE-2017-5960 | medium | 6.1 | 6.1 | 9y ago | An issue was discovered in Phalcon Eye through 0.4.1. The vulnerability exists due to insufficient filtration of user-supplied data in multiple HTTP GET parameters passed to the "phalconeye-master/pu… | |||
| CVE-2017-5945 | medium | 6.1 | 6.1 | 9y ago | An issue was discovered in the PoodLL Filter plugin through 3.0.20 for Moodle. The vulnerability exists due to insufficient filtration of user-supplied data in the "poodll_audio_url" HTTP GET paramet… | |||
| CVE-2017-5942 | medium | 6.1 | 6.1 | 9y ago | An issue was discovered in the WP Mail plugin before 1.2 for WordPress. The replyto parameter when composing a mail allows for a reflected XSS. This would allow you to execute JavaScript in the conte… | |||
| CVE-2017-5367 | medium | 6.1 | 6.1 | 9y ago | Multiple reflected XSS vulnerabilities exist within form and link input parameters of ZoneMinder v1.30 and v1.29, an open-source CCTV server web application, which allows a remote attacker to execute… | |||
| CVE-2017-5877 | medium | 6.1 | 6.1 | 9y ago | XSS was discovered in dotCMS 3.7.0, with an unauthenticated attack against the /about-us/locations/index direction parameter. | |||
| CVE-2017-5876 | medium | 6.1 | 6.1 | 9y ago | XSS was discovered in dotCMS 3.7.0, with an unauthenticated attack against the /news-events/events date parameter. | |||
| CVE-2017-5882 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in index.asp in SANADATA SanaCMS 7.3 allows remote attackers to inject arbitrary web script or HTML via the search parameter. | |||
| CVE-2017-5612 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in wp-admin/includes/class-wp-posts-list-table.php in the posts list table in WordPress before 4.7.2 allows remote attackers to inject arbitrary web script or… | |||
| CVE-2017-5608 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in the image upload function in Piwigo before 2.8.6 allows remote attackers to inject arbitrary web script or HTML via a crafted image filename. | |||
| CVE-2017-3314 | medium | 6.1 | 6.1 | 10y ago | Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 12.0.0, 12.1.0 and 12.2.0. Ea… | |||
| CVE-2017-3300 | medium | 6.1 | 6.1 | 10y ago | Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Multichannel Framework). Supported versions that are affected are 8.54 and 8.55. Easily e… | |||
| CVE-2017-3299 | medium | 6.1 | 6.1 | 10y ago | Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: PIA Search Functionality). Supported versions that are affected are 8.54 and 8.55. Easily… | |||
| CVE-2017-3298 | medium | 6.1 | 6.1 | 10y ago | Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: PIA Core Technology). Supported versions that are affected are 8.54 and 8.55. Easily expl… | |||
| CVE-2017-5599 | medium | 6.1 | 6.1 | 10y ago | An issue was discovered in eClinicalWorks Patient Portal 7.0 build 13. This is a reflected Cross Site Scripting vulnerability which affects the raceMasterList.jsp page within the Patient Portal. Inse… | |||
| CVE-2017-3804 | medium | 6.1 | 6.1 | 10y ago | A vulnerability in Intermediate System-to-Intermediate System (IS-IS) protocol packet processing of Cisco Nexus 5000, 6000, and 7000 Series Switches software could allow an unauthenticated, adjacent … | |||
| CVE-2017-3802 | medium | 6.1 | 6.1 | 10y ago | A vulnerability in Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affect… | |||
| CVE-2017-3798 | medium | 6.1 | 6.1 | 10y ago | A cross-site scripting (XSS) filter bypass vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to mount XSS att… | |||
| CVE-2017-2929 | medium | 6.1 | 6.1 | 10y ago | Adobe Acrobat Chrome extension version 15.1.0.3 and earlier have a DOM-based cross-site scripting vulnerability. Successful exploitation could lead to JavaScript code execution. | |||
| CVE-2017-5542 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in template/usererror.missing_extension.php in Symphony CMS before 2.6.10 allows remote attackers to inject arbitrary web script or HTML via the existing-fold… | |||
| CVE-2017-2578 | medium | 6.1 | 6.1 | 10y ago | Moodle Cross-site Scripting in assignment submission page | |||
| CVE-2017-5516 | medium | 6.1 | 6.1 | 10y ago | Multiple cross-site scripting (XSS) vulnerabilities in the user forms in GeniXCMS through 0.0.8 allow remote attackers to inject arbitrary web script or HTML via crafted parameters. | |||
| CVE-2017-5490 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in the theme-name fallback functionality in wp-includes/class-wp-theme.php in WordPress before 4.7.1 allows remote attackers to inject arbitrary web script or… | |||
| CVE-2017-5488 | medium | 6.1 | 6.1 | 10y ago | Multiple cross-site scripting (XSS) vulnerabilities in wp-admin/update-core.php in WordPress before 4.7.1 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) version… | |||
| CVE-2017-5474 | medium | 6.1 | 6.1 | 10y ago | Open redirect vulnerability in comment.php in Serendipity through 2.0.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the HTTP Referer hea… | |||
| CVE-2017-3890 | medium | 6.1 | 6.1 | 10y ago | A reflected cross-site scripting vulnerability in the BlackBerry WatchDox Server components Appliance-X, version 1.8.1 and earlier, and vAPP, versions 4.6.0 to 5.4.1, allows remote attackers to execu… | |||
| CVE-2017-1000043 | medium | 6.1 | 6.1 | 11y ago | Content Injection via TileJSON Name in mapbox.js | |||
| CVE-2017-1000042 | medium | 6.1 | 6.1 | 11y ago | Content Injection via TileJSON attribute in mapbox.js | |||
| CVE-2017-12338 | medium | 6.0 | 6.0 | 9y ago | A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to read the contents of arbitrary files. The vulnerability is due to insufficient input validati… | |||
| CVE-2017-8189 | medium | 6.0 | 6.0 | 9y ago | FusionSphere OpenStack V100R006C00SPC102(NFV) has a path traversal vulnerability. Due to insufficient path validation, an attacker with high privilege may exploit this vulnerability to cover some file… | |||
| CVE-2017-12315 | medium | 6.0 | 6.0 | 9y ago | A vulnerability in system logging when replication is being configured with the Cisco HyperFlex System could allow an authenticated, local attacker to view sensitive information that should be restri… | |||
| CVE-2017-15596 | medium | 6.0 | 6.0 | 9y ago | An issue was discovered in Xen 4.4.x through 4.9.x allowing ARM guest OS users to cause a denial of service (prevent physical CPU usage) because of lock mishandling upon detection of an add-to-physma… | |||
| CVE-2017-15289 | medium | 6.0 | 6.0 | 9y ago | The mode4and5 write functions in hw/display/cirrus_vga.c in Qemu allow local OS guest privileged users to cause a denial of service (out-of-bounds write access and Qemu process crash) via vectors rel… | |||
| CVE-2017-12168 | medium | 6.0 | 6.0 | 9y ago | The access_pmu_evcntr function in arch/arm64/kvm/sys_regs.c in the Linux kernel before 4.8.11 allows privileged KVM guest OS users to cause a denial of service (assertion failure and host OS crash) b… |