Max CVSS 10.0 Min CVSS 1.5 Total Count72
IDCVSSSummaryLast (major) updatePublished
CVE-2017-7777 6.8
Use of uninitialized memory in Graphite2 library in Firefox before 54 in graphite2::GlyphCache::Loader::read_glyph function.
15-04-2019 - 08:31 15-04-2019 - 08:31
CVE-2017-7776 5.8
Heap-based Buffer Overflow read in Graphite2 library in Firefox before 54 in graphite2::Silf::getClassGlyph.
15-04-2019 - 08:31 15-04-2019 - 08:31
CVE-2017-7774 6.4
Out-of-bounds read in Graphite2 Library in Firefox before 54 in graphite2::Silf::readGraphite function.
15-04-2019 - 08:31 15-04-2019 - 08:31
CVE-2017-7773 6.8
Heap-based Buffer Overflow write in Graphite2 library in Firefox before 54 in lz4::decompress src/Decompressor.
15-04-2019 - 08:31 15-04-2019 - 08:31
CVE-2017-7771 5.8
Out-of-bounds read in Graphite2 Library in Firefox before 54 in graphite2::Pass::readPass function.
15-04-2019 - 08:31 15-04-2019 - 08:31
CVE-2017-7772 6.8
Heap-based Buffer Overflow in Graphite2 library in Firefox before 54 in lz4::decompress function.
12-04-2019 - 14:29 12-04-2019 - 14:29
CVE-2017-3141 7.2
The BIND installer on Windows uses an unquoted service path which can enable a local user to achieve privilege escalation if the host file system permissions allow this. Affects BIND 9.2.6-P2->9.2.9, 9.3.2-P1->9.3.6, 9.4.0->9.8.8, 9.9.0->9.9.10, 9.10
16-01-2019 - 15:29 16-01-2019 - 15:29
CVE-2017-3140 4.3
If named is configured to use Response Policy Zones (RPZ) an error processing some rule types can lead to a condition where BIND will endlessly loop while handling a query. Affects BIND 9.9.10, 9.10.5, 9.11.0->9.11.1, 9.9.10-S1, 9.10.5-S1.
16-01-2019 - 15:29 16-01-2019 - 15:29
CVE-2017-7514 3.5
A cross-site scripting (XSS) flaw was found in how the failed action entry is processed in Red Hat Satellite before version 5.8.0. A user able to specify a failed action could exploit this flaw to perform XSS attacks against other Satellite users.
30-07-2018 - 11:29 30-07-2018 - 11:29
CVE-2017-2595 4.0
It was found that the log file viewer in Red Hat JBoss Enterprise Application 6 and 7 allows arbitrary file read to authenticated user via path traversal.
27-07-2018 - 11:29 27-07-2018 - 11:29
CVE-2017-7481 7.5
Ansible before versions 2.3.1.0 and 2.4.0.0 fails to properly mark lookup-plugin results as unsafe. If an attacker could control the results of lookup() calls, they could inject Unicode strings to be parsed by the jinja2 templating system, resulting
19-07-2018 - 09:29 19-07-2018 - 09:29
CVE-2017-7466 8.5
Ansible before version 2.3 has an input validation vulnerability in the handling of data sent from client systems. An attacker with control over a client system being managed by Ansible, and the ability to send facts back to the Ansible server, could
22-06-2018 - 09:29 22-06-2018 - 09:29
CVE-2017-7778 7.5
A number of security vulnerabilities in the Graphite 2 library including out-of-bounds reads, buffer overflow reads and writes, and the use of uninitialized memory. These issues were addressed in Graphite 2 version 1.3.10. This vulnerability affects
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-7764 5.0
Characters from the "Canadian Syllabics" unicode block can be mixed with characters from other unicode blocks in the addressbar instead of being rendered as their raw "punycode" form, allowing for domain name spoofing attacks through character confus
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-7758 6.4
An out-of-bounds read vulnerability with the Opus encoder when the number of channels in an audio stream changes while the encoder is in use. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-7757 7.5
A use-after-free vulnerability in IndexedDB when one of its objects is destroyed in memory while a method on it is still being executed. This results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-7756 7.5
A use-after-free and use-after-scope vulnerability when logging errors from headers for XML HTTP Requests (XHR). This could result in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-7754 5.0
An out-of-bounds read in WebGL with a maliciously crafted "ImageInfo" object during WebGL operations. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-7752 6.8
A use-after-free vulnerability during specific user interactions with the input method editor (IME) in some languages due to how events are handled. This results in a potentially exploitable crash but would require specific user interaction to trigge
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-7751 7.5
A use-after-free vulnerability with content viewer listeners that results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-7750 7.5
A use-after-free vulnerability during video control operations when a "<track>" element holds a reference to an older window if that window has been replaced in the DOM. This results in a potentially exploitable crash. This vulnerability affects Fire
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-7749 7.5
A use-after-free vulnerability when using an incorrect URL during the reloading of a docshell. This results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-5472 7.5
A use-after-free vulnerability with the frameloader during tree reconstruction while regenerating CSS layout when attempting to use a node in the tree that no longer exists. This results in a potentially exploitable crash. This vulnerability affects
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-5470 7.5
Memory safety bugs were reported in Firefox 53 and Firefox ESR 52.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affect
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-5089 4.3
Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 59.0.3071.104 for Mac allowed a remote attacker to perform domain spoofing via a crafted domain name.
27-10-2017 - 01:29 27-10-2017 - 01:29
CVE-2017-5088 6.8
Insufficient validation of untrusted input in V8 in Google Chrome prior to 59.0.3071.104 for Mac, Windows, and Linux, and 59.0.3071.117 for Android, allowed a remote attacker to perform out of bounds memory access via a crafted HTML page.
27-10-2017 - 01:29 27-10-2017 - 01:29
CVE-2017-5087 6.8
A use after free in Blink in Google Chrome prior to 59.0.3071.104 for Mac, Windows, and Linux, and 59.0.3071.117 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page, aka an IndexedDB sandbox escape.
27-10-2017 - 01:29 27-10-2017 - 01:29
CVE-2016-6796 5.0
A malicious web application running on Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 was able to bypass a configured SecurityManager via manipulation of the configuration parameters for t
10-08-2017 - 22:29 10-08-2017 - 22:29
CVE-2016-5018 5.0
In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 a malicious web application was able to bypass a configured SecurityManager via a Tomcat utility method that was accessible to web applica
10-08-2017 - 12:29 10-08-2017 - 12:29
CVE-2017-7659 5.0
A maliciously constructed HTTP/2 request could cause mod_http2 in Apache HTTP Server 2.4.24, 2.4.25 to dereference a NULL pointer and crash the server process.
26-07-2017 - 17:29 26-07-2017 - 17:29
CVE-2017-7512 7.5
Red Hat 3scale (aka RH-3scale) API Management Platform (AMP) before 2.0.0 would permit creation of an access token without a client secret. An attacker could use this flaw to circumvent authentication controls and gain access to restricted APIs. NOTE
07-07-2017 - 18:29 07-07-2017 - 18:29
CVE-2017-7522 4.0
OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service by authenticated remote attacker via sending a certificate with an embedded NULL character.
27-06-2017 - 09:29 27-06-2017 - 09:29
CVE-2017-7521 4.3
OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service due to memory exhaustion caused by memory leaks and double-free issue in extract_x509_extension().
27-06-2017 - 09:29 27-06-2017 - 09:29
CVE-2017-7520 4.0
OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service and/or possibly sensitive memory leak triggered by man-in-the-middle attacker.
27-06-2017 - 09:29 27-06-2017 - 09:29
CVE-2017-7508 5.0
OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service when receiving malformed IPv6 packet.
27-06-2017 - 09:29 27-06-2017 - 09:29
CVE-2017-3631 4.6
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where S
22-06-2017 - 09:29 22-06-2017 - 09:29
CVE-2017-3630 4.6
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure w
22-06-2017 - 09:29 22-06-2017 - 09:29
CVE-2017-3629 7.2
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure w
22-06-2017 - 09:29 22-06-2017 - 09:29
CVE-2017-9774 6.5
Remote Code Execution was found in Horde_Image 2.x before 2.5.0 via a crafted GET request. Exploitation requires authentication.
21-06-2017 - 14:29 21-06-2017 - 14:29
CVE-2017-9773 4.3
Denial of Service was found in Horde_Image 2.x before 2.5.0 via a crafted URL to the "Null" image driver.
21-06-2017 - 14:29 21-06-2017 - 14:29
CVE-2017-7679 7.5
In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_mime can read one byte past the end of a buffer when sending a malicious Content-Type response header.
19-06-2017 - 21:29 19-06-2017 - 21:29
CVE-2017-7668 7.5
The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows ap_find_token() to search past the end of its input string. By maliciously crafting a sequence of request headers, an attacke
19-06-2017 - 21:29 19-06-2017 - 21:29
CVE-2017-3169 7.5
In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_ssl may dereference a NULL pointer when third-party modules call ap_hook_process_connection() during an HTTP request to an HTTPS port.
19-06-2017 - 21:29 19-06-2017 - 21:29
CVE-2017-3167 7.5
In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed.
19-06-2017 - 21:29 19-06-2017 - 21:29
CVE-2017-1000376 6.9
libffi requests an executable stack allowing attackers to more easily trigger arbitrary code execution by overwriting the stack. Please note that libffi is used by a number of other libraries. It was previously stated that this affects libffi version
19-06-2017 - 12:29 19-06-2017 - 12:29
CVE-2017-1000364 6.2
An issue was discovered in the size of the stack guard page on Linux, specifically a 4k stack guard page is not sufficiently large and can be "jumped" over (the stack guard page is bypassed), this affects Linux Kernel versions 4.11.5 and earlier (the
19-06-2017 - 12:29 19-06-2017 - 12:29
CVE-2017-9736 7.5
SPIP 3.1.x before 3.1.6 and 3.2.x before Beta 3 does not remove shell metacharacters from the host field, allowing a remote attacker to cause remote code execution.
17-06-2017 - 12:29 17-06-2017 - 12:29
CVE-2017-6640 10.0
A vulnerability in Cisco Prime Data Center Network Manager (DCNM) Software could allow an unauthenticated, remote attacker to log in to the administrative console of a DCNM server by using an account that has a default, static password. The account c
08-06-2017 - 09:29 08-06-2017 - 09:29
CVE-2017-6639 10.0
A vulnerability in the role-based access control (RBAC) functionality of Cisco Prime Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to access sensitive information or execute arbitrary code with root privileges on
08-06-2017 - 09:29 08-06-2017 - 09:29
CVE-2017-6512 4.3
Race condition in the rmtree and remove_tree functions in the File-Path module before 2.13 for Perl allows attackers to set the mode on arbitrary files via vectors involving directory-permission loosening logic.
01-06-2017 - 12:29 01-06-2017 - 12:29
CVE-2017-7502 5.0
Null pointer dereference vulnerability in NSS since 3.24.0 was found when server receives empty SSLv2 messages resulting into denial of service by remote attacker.
30-05-2017 - 14:29 30-05-2017 - 14:29
CVE-2017-8929 5.0
The sized_string_cmp function in libyara/sizedstr.c in YARA 3.5.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted rule.
14-05-2017 - 18:29 14-05-2017 - 18:29
CVE-2017-3309 4.0
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows low privi
03-05-2017 - 12:16 24-04-2017 - 15:59
CVE-2017-3453 4.0
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows low privi
03-05-2017 - 12:15 24-04-2017 - 15:59
CVE-2017-3456 4.0
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows high privileged
03-05-2017 - 11:12 24-04-2017 - 15:59
CVE-2017-3308 4.0
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows low privileged
03-05-2017 - 11:11 24-04-2017 - 15:59
CVE-2017-3464 4.0
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows low privileged
03-05-2017 - 07:45 24-04-2017 - 15:59
CVE-2016-10210 5.0
libyara/lexer.l in YARA 3.5.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted rule that is mishandled in the yy_get_next_buffer function.
01-05-2017 - 21:59 03-04-2017 - 01:59
CVE-2017-7892 5.0
Sandstorm Cap'n Proto before 0.5.3.1 allows remote crashes related to a compiler optimization. A remote attacker can trigger a segfault in a 32-bit libcapnp application because Cap'n Proto relies on pointer arithmetic calculations that overflow. An e
25-04-2017 - 14:53 17-04-2017 - 17:59
CVE-2016-4492 4.3
Buffer overflow in the do_type function in cplus-dem.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary.
27-02-2017 - 10:43 24-02-2017 - 15:59
CVE-2016-4491 4.3
The d_print_comp function in cp-demangle.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, which triggers infinite recursion and a buffer overflow, related to a node having "itsel
27-02-2017 - 10:43 24-02-2017 - 15:59
CVE-2016-4490 4.3
Integer overflow in cp-demangle.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to inconsistent use of the long and int types for lengths.
27-02-2017 - 10:42 24-02-2017 - 15:59
CVE-2016-4489 4.3
Integer overflow in the gnu_special function in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to the "demangling of virtual tables."
27-02-2017 - 10:41 24-02-2017 - 15:59
CVE-2016-4487 4.3
Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to "btypevec."
27-02-2017 - 10:41 24-02-2017 - 15:59
CVE-2016-4488 4.3
Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to "ktypevec."
27-02-2017 - 10:38 24-02-2017 - 15:59
CVE-2016-2226 6.8
Integer overflow in the string_appends function in cplus-dem.c in libiberty allows remote attackers to execute arbitrary code via a crafted executable, which triggers a buffer overflow.
27-02-2017 - 10:02 24-02-2017 - 15:59
CVE-2016-4493 4.3
The demangle_template_value_parm and do_hpacc_template_literal functions in cplus-dem.c in libiberty allow remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted binary.
27-02-2017 - 09:41 24-02-2017 - 15:59
CVE-2016-6131 5.0
The demangler in GNU Libiberty allows remote attackers to cause a denial of service (infinite loop, stack overflow, and crash) via a cycle in the references of remembered mangled types.
09-02-2017 - 17:28 07-02-2017 - 10:59
CVE-2017-3238 4.0
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privile
31-01-2017 - 10:31 27-01-2017 - 17:59
CVE-2017-3313 1.5
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: MyISAM). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileg
31-01-2017 - 08:52 27-01-2017 - 17:59
CVE-2016-4997 7.2
The compat IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE setsockopt implementations in the netfilter subsystem in the Linux kernel before 4.6.3 allow local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-contai
02-12-2016 - 22:27 03-07-2016 - 17:59
CVE-2013-7458 2.1
linenoise, as used in Redis before 3.2.3, uses world-readable permissions for .rediscli_history, which allows local users to obtain sensitive information by reading the file.
28-11-2016 - 14:10 10-08-2016 - 10:59
Back to Top Mark selected
Back to Top