Max CVSS 10.0 Min CVSS 1.9 Total Count73
IDCVSSSummaryLast (major) updatePublished
CVE-2017-6922 4.0
In Drupal core 8.x prior to 8.3.4 and Drupal core 7.x prior to 7.56; Private files that have been uploaded by an anonymous user but not permanently attached to content on the site should only be visible to the anonymous user that uploaded them, rathe
22-01-2019 - 10:29 22-01-2019 - 10:29
CVE-2017-3143 4.3
An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name for the zone and service being targeted may be able to manipulate BIND into accepting an unauthorized dynamic update. A
16-01-2019 - 15:29 16-01-2019 - 15:29
CVE-2017-3142 4.3
An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name may be able to circumvent TSIG authentication of AXFR requests via a carefully constructed request packet. A server tha
16-01-2019 - 15:29 16-01-2019 - 15:29
CVE-2017-7482 7.2
In the Linux kernel before version 4.12, Kerberos 5 tickets decoded when using the RXRPC keys incorrectly assumes the size of a field. This could lead to the size-remaining variable wrapping and the data pointer going over the end of the buffer. This
30-07-2018 - 10:29 30-07-2018 - 10:29
CVE-2016-9603 9.0
A heap buffer overflow flaw was found in QEMU's Cirrus CLGD 54xx VGA emulator's VNC display driver support before 2.9; the issue could occur when a VNC client attempted to update its display after a VGA operation is performed by a guest. A privileged
27-07-2018 - 17:29 27-07-2018 - 17:29
CVE-2017-7526 4.3
libgcrypt before version 1.7.8 is vulnerable to a cache side-channel attack resulting into a complete break of RSA-1024 while using the left-to-right method for computing the sliding-window expansion. The same attack is believed to work on RSA-2048 w
26-07-2018 - 09:29 26-07-2018 - 09:29
CVE-2017-7471 7.7
Quick Emulator (Qemu) built with the VirtFS, host directory sharing via Plan 9 File System (9pfs) support, is vulnerable to an improper access control issue. It could occur while accessing files on a shared host directory. A privileged user inside gu
09-07-2018 - 10:29 09-07-2018 - 10:29
CVE-2017-7778 7.5
A number of security vulnerabilities in the Graphite 2 library including out-of-bounds reads, buffer overflow reads and writes, and the use of uninitialized memory. These issues were addressed in Graphite 2 version 1.3.10. This vulnerability affects
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-7764 5.0
Characters from the "Canadian Syllabics" unicode block can be mixed with characters from other unicode blocks in the addressbar instead of being rendered as their raw "punycode" form, allowing for domain name spoofing attacks through character confus
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-7758 6.4
An out-of-bounds read vulnerability with the Opus encoder when the number of channels in an audio stream changes while the encoder is in use. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-7757 7.5
A use-after-free vulnerability in IndexedDB when one of its objects is destroyed in memory while a method on it is still being executed. This results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-7756 7.5
A use-after-free and use-after-scope vulnerability when logging errors from headers for XML HTTP Requests (XHR). This could result in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-7754 5.0
An out-of-bounds read in WebGL with a maliciously crafted "ImageInfo" object during WebGL operations. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-7752 6.8
A use-after-free vulnerability during specific user interactions with the input method editor (IME) in some languages due to how events are handled. This results in a potentially exploitable crash but would require specific user interaction to trigge
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-7751 7.5
A use-after-free vulnerability with content viewer listeners that results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-7750 7.5
A use-after-free vulnerability during video control operations when a "<track>" element holds a reference to an older window if that window has been replaced in the DOM. This results in a potentially exploitable crash. This vulnerability affects Fire
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-7749 7.5
A use-after-free vulnerability when using an incorrect URL during the reloading of a docshell. This results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-5472 7.5
A use-after-free vulnerability with the frameloader during tree reconstruction while regenerating CSS layout when attempting to use a node in the tree that no longer exists. This results in a potentially exploitable crash. This vulnerability affects
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-5470 7.5
Memory safety bugs were reported in Firefox 53 and Firefox ESR 52.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affect
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2016-9602 9.0
Qemu before version 2.9 is vulnerable to an improper link following when built with the VirtFS. A privileged user inside guest could use this flaw to access host file system beyond the shared folder and potentially escalating their privileges on a ho
26-04-2018 - 15:29 26-04-2018 - 15:29
CVE-2017-8380 7.5
Buffer overflow in the "megasas_mmio_write" function in Qemu 2.9.0 allows remote attackers to have unspecified impact via unknown vectors.
28-08-2017 - 11:29 28-08-2017 - 11:29
CVE-2017-7980 4.6
Heap-based buffer overflow in Cirrus CLGD 54xx VGA Emulator in Quick Emulator (Qemu) 2.8 and earlier allows local guest OS users to execute arbitrary code or cause a denial of service (crash) via vectors related to a VNC client updating its display a
25-07-2017 - 10:29 25-07-2017 - 10:29
CVE-2017-9934 4.3
Missing CSRF token checks and improper input validation in Joomla! CMS 1.7.3 through 3.7.2 lead to an XSS vulnerability.
17-07-2017 - 17:29 17-07-2017 - 17:29
CVE-2017-9933 5.0
Improper cache invalidation in Joomla! CMS 1.7.3 through 3.7.2 leads to disclosure of form contents.
17-07-2017 - 17:29 17-07-2017 - 17:29
CVE-2017-2295 6.0
Versions of Puppet prior to 4.10.1 will deserialize data off the wire (from the agent to the server, in this case) with a attacker-specified format. This could be used to force YAML deserialization in an unsafe manner, which would lead to remote code
05-07-2017 - 11:29 05-07-2017 - 11:29
CVE-2012-6706 10.0
A VMSF_DELTA memory corruption was discovered in unrar before 5.5.5, as used in Sophos Anti-Virus Threat Detection Engine before 3.37.2 and other products, that can lead to arbitrary code execution. An integer overflow can be caused in DataSize+CurCh
22-06-2017 - 09:29 22-06-2017 - 09:29
CVE-2017-1000364 6.2
An issue was discovered in the size of the stack guard page on Linux, specifically a 4k stack guard page is not sufficiently large and can be "jumped" over (the stack guard page is bypassed), this affects Linux Kernel versions 4.11.5 and earlier (the
19-06-2017 - 12:29 19-06-2017 - 12:29
CVE-2017-9503 1.9
QEMU (aka Quick Emulator), when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allows local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) via vectors involving megasas co
16-06-2017 - 18:29 16-06-2017 - 18:29
CVE-2017-9375 1.9
QEMU (aka Quick Emulator), when built with USB xHCI controller emulator support, allows local guest OS privileged users to cause a denial of service (infinite recursive call) via vectors involving control transfer descriptors sequencing.
16-06-2017 - 18:29 16-06-2017 - 18:29
CVE-2017-9374 2.1
Memory leak in QEMU (aka Quick Emulator), when built with USB EHCI Emulation support, allows local guest OS privileged users to cause a denial of service (memory consumption) by repeatedly hot-unplugging the device.
16-06-2017 - 18:29 16-06-2017 - 18:29
CVE-2017-9373 1.9
Memory leak in QEMU (aka Quick Emulator), when built with IDE AHCI Emulation support, allows local guest OS privileged users to cause a denial of service (memory consumption) by repeatedly hot-unplugging the AHCI device.
16-06-2017 - 18:29 16-06-2017 - 18:29
CVE-2017-9128 4.3
The quicktime_video_width function in lqt_quicktime.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted mp4 file.
12-06-2017 - 02:29 12-06-2017 - 02:29
CVE-2017-9127 4.3
The quicktime_user_atoms_read_atom function in useratoms.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) via a crafted mp4 file.
12-06-2017 - 02:29 12-06-2017 - 02:29
CVE-2017-9126 4.3
The quicktime_read_dref_table function in dref.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) via a crafted mp4 file.
12-06-2017 - 02:29 12-06-2017 - 02:29
CVE-2017-9125 4.3
The lqt_frame_duration function in lqt_quicktime.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted mp4 file.
12-06-2017 - 02:29 12-06-2017 - 02:29
CVE-2017-9124 4.3
The quicktime_match_32 function in util.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted mp4 file.
12-06-2017 - 02:29 12-06-2017 - 02:29
CVE-2017-9123 4.3
The lqt_frame_duration function in lqt_quicktime.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted mp4 file.
12-06-2017 - 02:29 12-06-2017 - 02:29
CVE-2017-9122 7.1
The quicktime_read_moov function in moov.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted mp4 file.
12-06-2017 - 02:29 12-06-2017 - 02:29
CVE-2017-9526 4.3
In Libgcrypt before 1.7.7, an attacker who learns the EdDSA session key (from side-channel observation during the signing process) can easily recover the long-term secret key. 1.7.7 makes a cipher/ecc-eddsa.c change to store this session key in secur
10-06-2017 - 22:29 10-06-2017 - 22:29
CVE-2017-9330 1.9
QEMU (aka Quick Emulator) before 2.9.0, when built with the USB OHCI Emulation support, allows local guest OS users to cause a denial of service (infinite loop) by leveraging an incorrect return value, a different vulnerability than CVE-2017-6505.
08-06-2017 - 12:29 08-06-2017 - 12:29
CVE-2017-1000368 7.2
Todd Miller's sudo version 1.8.20p1 and earlier is vulnerable to an input validation (embedded newlines) in the get_process_ttyname() function resulting in information disclosure and command execution.
05-06-2017 - 12:29 05-06-2017 - 12:29
CVE-2017-9148 7.5
The TLS session cache in FreeRADIUS 2.1.1 through 2.1.7, 3.0.x before 3.0.14, 3.1.x before 2017-02-04, and 4.0.x before 2017-02-04 fails to reliably prevent resumption of an unauthenticated session, which allows remote attackers (such as malicious 80
29-05-2017 - 13:29 29-05-2017 - 13:29
CVE-2017-9227 7.5
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in mbc_enc_len() during regular expression searching. Invalid handling of reg->dmin in for
24-05-2017 - 11:29 24-05-2017 - 11:29
CVE-2017-9226 7.5
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write or read occurs in next_state_val() during regular expression compilation. Octal numbers larger th
24-05-2017 - 11:29 24-05-2017 - 11:29
CVE-2017-9224 7.5
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in match_at() during regular expression searching. A logical error involving order of vali
24-05-2017 - 11:29 24-05-2017 - 11:29
CVE-2017-9217 5.0
systemd-resolved through 233 allows remote attackers to cause a denial of service (daemon crash) via a crafted DNS response with an empty question section.
24-05-2017 - 01:29 24-05-2017 - 01:29
CVE-2017-8379 4.9
Memory leak in the keyboard input event handlers support in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption) by rapidly generating large keyboard events.
23-05-2017 - 00:29 23-05-2017 - 00:29
CVE-2017-8309 7.8
Memory leak in the audio/audio.c in QEMU (aka Quick Emulator) allows remote attackers to cause a denial of service (memory consumption) by repeatedly starting and stopping audio capture.
23-05-2017 - 00:29 23-05-2017 - 00:29
CVE-2017-9079 4.7
Dropbear before 2017.75 might allow local users to read certain files as root, if the file has the authorized_keys file format with a command= option. This occurs because ~/.ssh/authorized_keys is read with root privileges and symlinks are followed.
19-05-2017 - 10:29 19-05-2017 - 10:29
CVE-2017-9078 9.3
The server in Dropbear before 2017.75 might allow post-authentication root remote code execution because of a double free in cleanup of TCP listeners when the -a option is enabled.
19-05-2017 - 10:29 19-05-2017 - 10:29
CVE-2017-7493 4.6
Quick Emulator (Qemu) built with the VirtFS, host directory sharing via Plan 9 File System(9pfs) support, is vulnerable to an improper access control issue. It could occur while accessing virtfs metadata files in mapped-file security mode. A guest us
17-05-2017 - 11:29 17-05-2017 - 11:29
CVE-2017-7486 5.0
PostgreSQL versions 8.4 - 9.6 are vulnerable to information leak in pg_user_mappings view which discloses foreign server passwords to any user having USAGE privilege on the associated foreign server.
12-05-2017 - 15:29 12-05-2017 - 15:29
CVE-2017-7485 4.3
In PostgreSQL 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3, it was found that the PGREQUIRESSL environment variable was no longer enforcing a SSL/TLS connection to a PostgreSQL server. An active Man-in-the-Midd
12-05-2017 - 15:29 12-05-2017 - 15:29
CVE-2017-7484 5.0
It was found that some selectivity estimation functions in PostgreSQL before 9.2.21, 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3 did not check user privileges before providing information from pg_statistic, po
12-05-2017 - 15:29 12-05-2017 - 15:29
CVE-2017-8905 6.8
Xen through 4.6.x on 64-bit platforms mishandles a failsafe callback, which might allow PV guest OS users to execute arbitrary code on the host OS, aka XSA-215.
11-05-2017 - 15:29 11-05-2017 - 15:29
CVE-2017-8086 4.9
Memory leak in the v9fs_list_xattr function in hw/9pfs/9p-xattr.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (memory consumption) via vectors involving the orig_value variable.
11-05-2017 - 12:59 02-05-2017 - 10:59
CVE-2017-8112 4.9
hw/scsi/vmw_pvscsi.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (infinite loop and CPU consumption) via the message ring page count.
04-05-2017 - 21:29 02-05-2017 - 10:59
CVE-2017-7718 2.1
hw/display/cirrus_vga_rop.h in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors related to copying VGA data via the cirrus_bitblt_rop_fwd_transp_ and
04-05-2017 - 21:29 20-04-2017 - 13:59
CVE-2017-7985 4.3
In Joomla! 1.5.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering of multibyte characters leads to XSS vulnerabilities in various components.
03-05-2017 - 09:05 25-04-2017 - 14:59
CVE-2017-7377 2.1
The (1) v9fs_create and (2) v9fs_lcreate functions in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allow local guest OS privileged users to cause a denial of service (file descriptor or memory consumption) via vectors related to an already in-use fid.
17-04-2017 - 09:28 10-04-2017 - 11:59
CVE-2015-4680 5.0
FreeRADIUS 2.2.x before 2.2.8 and 3.0.x before 3.0.9 does not properly check revocation of intermediate CA certificates.
12-04-2017 - 08:57 05-04-2017 - 13:59
CVE-2017-5973 2.1
The xhci_kick_epctx function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (infinite loop and QEMU process crash) via vectors related to control transfer descriptor sequence.
31-03-2017 - 07:24 27-03-2017 - 11:59
CVE-2017-5987 2.1
The sdhci_sdma_transfer_multi_blocks function in hw/sd/sdhci.c in QEMU (aka Quick Emulator) allows local OS guest privileged users to cause a denial of service (infinite loop and QEMU process crash) via vectors involving the transfer mode register du
22-03-2017 - 15:52 20-03-2017 - 12:59
CVE-2017-6505 2.1
The ohci_service_ed_list function in hw/usb/hcd-ohci.c in QEMU (aka Quick Emulator) before 2.9.0 allows local guest OS users to cause a denial of service (infinite loop) via vectors involving the number of link endpoint list descriptors, a different
17-03-2017 - 09:23 15-03-2017 - 10:59
CVE-2017-5579 4.9
Memory leak in the serial_exit_core function in hw/char/serial.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large number of device unplug ope
16-03-2017 - 15:46 15-03-2017 - 11:59
CVE-2017-5953 7.5
vim before patch 8.0.0322 does not properly validate values for tree length when handling a spell file, which may result in an integer overflow at a memory allocation site and a resultant buffer overflow.
28-02-2017 - 21:59 10-02-2017 - 02:59
CVE-2016-10029 2.1
The virtio_gpu_set_scanout function in QEMU (aka Quick Emulator) built with Virtio GPU Device emulator support allows local guest OS users to cause a denial of service (out-of-bounds read and process crash) via a scanout id in a VIRTIO_GPU_CMD_SET_SC
28-02-2017 - 10:38 27-02-2017 - 17:59
CVE-2016-10028 2.1
The virgl_cmd_get_capset function in hw/display/virtio-gpu-3d.c in QEMU (aka Quick Emulator) built with Virtio GPU Device emulator support allows local guest OS users to cause a denial of service (out-of-bounds read and process crash) via a VIRTIO_GP
28-02-2017 - 10:28 27-02-2017 - 17:59
CVE-2015-6749 4.3
Buffer overflow in the aiff_open function in oggenc/audio.c in vorbis-tools 1.4.0 and earlier allows remote attackers to cause a denial of service (crash) via a crafted AIFF file.
07-12-2016 - 22:13 21-09-2015 - 15:59
CVE-2016-6294 7.5
The locale_accept_from_http function in ext/intl/locale/locale_methods.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 does not properly restrict calls to the ICU uloc_acceptLanguageFromHTTP function, which allows remote attackers t
26-09-2016 - 22:00 25-07-2016 - 10:59
CVE-2014-9639 5.0
Integer overflow in oggenc in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (crash) via a crafted number of channels in a WAV file, which triggers an out-of-bounds memory access.
10-09-2015 - 11:59 23-01-2015 - 10:59
CVE-2014-9638 5.0
oggenc in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a WAV file with the number of channels set to zero.
10-09-2015 - 11:58 23-01-2015 - 10:59
CVE-2014-9640 5.0
oggenc/oggenc.c in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted raw file.
17-04-2015 - 21:59 23-01-2015 - 10:59
Back to Top Mark selected
Back to Top