Max CVSS 10.0 Min CVSS 2.1 Total Count75
IDCVSSSummaryLast (major) updatePublished
CVE-2017-15427 4.3
Insufficient policy enforcement in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a socially engineered user to XSS themselves by dragging and dropping a javascript: URL into the URL bar.
28-08-2018 - 15:29 28-08-2018 - 15:29
CVE-2017-15426 4.3
Insufficient policy enforcement in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name.
28-08-2018 - 15:29 28-08-2018 - 15:29
CVE-2017-15425 4.3
Insufficient policy enforcement in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name.
28-08-2018 - 15:29 28-08-2018 - 15:29
CVE-2017-15424 4.3
Insufficient policy enforcement in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name.
28-08-2018 - 15:29 28-08-2018 - 15:29
CVE-2017-15423 5.0
Inappropriate implementation in BoringSSL SPAKE2 in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to leak the low-order bits of SHA512(password) by inspecting protocol traffic.
28-08-2018 - 15:29 28-08-2018 - 15:29
CVE-2017-15422 4.3
Integer overflow in international date handling in International Components for Unicode (ICU) for C/C++ before 60.1, as used in V8 in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to perform an out of bounds memory
28-08-2018 - 15:29 28-08-2018 - 15:29
CVE-2017-15420 4.3
Incorrect handling of back navigations in error pages in Navigation in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
28-08-2018 - 15:29 28-08-2018 - 15:29
CVE-2017-15419 4.3
Insufficient policy enforcement in Resource Timing API in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to infer browsing history by triggering a leaked cross-origin URL via a crafted HTML page.
28-08-2018 - 15:29 28-08-2018 - 15:29
CVE-2017-15418 4.3
Use of uninitialized memory in Skia in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
28-08-2018 - 15:29 28-08-2018 - 15:29
CVE-2017-15417 2.6
Inappropriate implementation in Skia canvas composite operations in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
28-08-2018 - 15:29 28-08-2018 - 15:29
CVE-2017-15416 4.3
Heap buffer overflow in Blob API in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, aka a Blink out-of-bounds read.
28-08-2018 - 15:29 28-08-2018 - 15:29
CVE-2017-15415 4.3
Incorrect serialization in IPC in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to leak the value of a pointer via a crafted HTML page.
28-08-2018 - 15:29 28-08-2018 - 15:29
CVE-2017-15413 6.8
Type confusion in WebAssembly in V8 in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
28-08-2018 - 15:29 28-08-2018 - 15:29
CVE-2017-15412 6.8
Use after free in libxml2 before 2.9.5, as used in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
28-08-2018 - 15:29 28-08-2018 - 15:29
CVE-2017-15411 6.8
Use after free in PDFium in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
28-08-2018 - 15:29 28-08-2018 - 15:29
CVE-2017-15410 6.8
Use after free in PDFium in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
28-08-2018 - 15:29 28-08-2018 - 15:29
CVE-2017-15409 6.8
Heap buffer overflow in Skia in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
28-08-2018 - 15:29 28-08-2018 - 15:29
CVE-2017-15408 6.8
Heap buffer overflow in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file that is mishandled by PDFium.
28-08-2018 - 15:29 28-08-2018 - 15:29
CVE-2017-15407 6.8
Out-of-bounds Write in the QUIC networking stack in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to gain code execution via a malicious server.
28-08-2018 - 15:29 28-08-2018 - 15:29
CVE-2017-15097 7.2
Privilege escalation flaws were found in the Red Hat initialization scripts of PostgreSQL. An attacker with access to the postgres user account could use these flaws to obtain root access on the server machine.
27-07-2018 - 16:29 27-07-2018 - 16:29
CVE-2017-7830 4.3
The Resource Timing API incorrectly revealed navigations in cross-origin iframes. This is a same-origin policy violation and could allow for data theft of URLs loaded by users. This vulnerability affects Firefox < 57, Firefox ESR < 52.5, and Thunderb
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-7828 7.5
A use-after-free vulnerability can occur when flushing and resizing layout because the "PressShell" object has been freed while still in use. This results in a potentially exploitable crash during these operations. This vulnerability affects Firefox
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-7826 10.0
Memory safety bugs were reported in Firefox 56 and Firefox ESR 52.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affect
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-1000385 4.3
The Erlang otp TLS server answers with different TLS alerts to different error types in the RSA PKCS #1 1.5 padding. This allows an attacker to decrypt content or sign messages with the server's private key (this is a variation of the Bleichenbacher
12-12-2017 - 16:29 12-12-2017 - 16:29
CVE-2017-11940 9.3
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Windows 7 SP1, Windows 8.1, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, 1709 and Windows Server 2016, Windows Server, version 1709, Microsoft
08-12-2017 - 09:29 08-12-2017 - 09:29
CVE-2017-11937 9.3
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Windows 7 SP1, Windows 8.1, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, 1709 and Windows Server 2016, Windows Server, version 1709, Microsoft
07-12-2017 - 12:29 07-12-2017 - 12:29
CVE-2017-3738 4.3
There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult
07-12-2017 - 11:29 07-12-2017 - 11:29
CVE-2017-3737 4.3
OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an "error state" mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and would immediately fail if you attempted to continue
07-12-2017 - 11:29 07-12-2017 - 11:29
CVE-2017-17439 5.0
In Heimdal through 7.4, remote unauthenticated attackers are able to crash the KDC by sending a crafted UDP packet containing empty data fields for client name or realm. The parser would unconditionally dereference NULL pointers in that case, leading
06-12-2017 - 10:29 06-12-2017 - 10:29
CVE-2017-17434 7.5
The daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, does not check for fnamecmp filenames in the daemon_filter_list data structure (in the recv_files function in receiver.c) and also does not apply the sanitize_paths protection mechan
05-12-2017 - 22:29 05-12-2017 - 22:29
CVE-2017-17433 7.5
The recv_files function in receiver.c in the daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, proceeds with certain file metadata updates before checking for a filename in the daemon_filter_list data structure, which allows remote atta
05-12-2017 - 22:29 05-12-2017 - 22:29
CVE-2017-1000405 6.9
The Linux Kernel versions 2.6.38 through 4.14 have a problematic use of pmd_mkdirty() in the touch_pmd() function inside the THP implementation. touch_pmd() can be reached by get_user_pages(). In such case, the pmd will become dirty. This scenario br
30-11-2017 - 17:29 30-11-2017 - 17:29
CVE-2017-12372 6.8
A "Cisco WebEx Network Recording Player Remote Code Execution Vulnerability" exists in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) and WebEx Recording Format (WRF) files. A remote attacker could exploit this by providing
30-11-2017 - 04:29 30-11-2017 - 04:29
CVE-2017-12371 6.8
A "Cisco WebEx Network Recording Player Remote Code Execution Vulnerability" exists in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) and WebEx Recording Format (WRF) files. A remote attacker could exploit this by providing
30-11-2017 - 04:29 30-11-2017 - 04:29
CVE-2017-12370 6.8
A "Cisco WebEx Network Recording Player Remote Code Execution Vulnerability" exists in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) and WebEx Recording Format (WRF) files. A remote attacker could exploit this by providing
30-11-2017 - 04:29 30-11-2017 - 04:29
CVE-2017-12369 6.8
A "Cisco WebEx Network Recording Player Out-of-Bounds Vulnerability" exists in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) and WebEx Recording Format (WRF) files. A remote attacker could exploit this by providing a user w
30-11-2017 - 04:29 30-11-2017 - 04:29
CVE-2017-12368 6.8
A "Cisco WebEx Network Recording Player Remote Code Execution Vulnerability" exists in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) and WebEx Recording Format (WRF) files. A remote attacker could exploit this by providing
30-11-2017 - 04:29 30-11-2017 - 04:29
CVE-2017-12367 6.8
A "Cisco WebEx Network Recording Player Denial of Service Vulnerability" exists in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) and WebEx Recording Format (WRF) files. A remote attacker could exploit this by providing a us
30-11-2017 - 04:29 30-11-2017 - 04:29
CVE-2017-16939 7.2
The XFRM dump policy implementation in net/xfrm/xfrm_user.c in the Linux kernel before 4.13.11 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted SO_RCVBUF setsockopt system call in conjunction with XFRM
24-11-2017 - 05:29 24-11-2017 - 05:29
CVE-2017-12172 7.2
PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, 9.4.x before 9.4.15, 9.3.x before 9.3.20, and 9.2.x before 9.2.24 runs under a non-root operating system account, and database superusers have effective ability to run arbitrary co
22-11-2017 - 14:29 22-11-2017 - 14:29
CVE-2017-12193 4.9
The assoc_array_insert_into_terminal_node function in lib/assoc_array.c in the Linux kernel before 4.13.11 mishandles node splitting, which allows local users to cause a denial of service (NULL pointer dereference and panic) via a crafted application
22-11-2017 - 13:29 22-11-2017 - 13:29
CVE-2017-16853 6.8
The DynamicMetadataProvider class in saml/saml2/metadata/impl/DynamicMetadataProvider.cpp in OpenSAML-C in OpenSAML before 2.6.1 fails to properly configure itself with the MetadataFilter plugins and does not perform critical security checks such as
16-11-2017 - 12:29 16-11-2017 - 12:29
CVE-2017-16844 10.0
Heap-based buffer overflow in the loadbuf function in formisc.c in formail in procmail 3.22 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted e-mail message because of a hardcode
16-11-2017 - 10:29 16-11-2017 - 10:29
CVE-2017-16239 4.0
In OpenStack Nova through 14.0.9, 15.x through 15.0.7, and 16.x through 16.0.2, by rebuilding an instance, an authenticated user may be able to circumvent the Filter Scheduler bypassing imposed filters (for example, the ImagePropertiesFilter or the I
14-11-2017 - 12:29 14-11-2017 - 12:29
CVE-2017-16643 7.2
The parse_hid_report_descriptor function in drivers/input/tablet/gtco.c in the Linux kernel before 4.13.11 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted U
07-11-2017 - 18:29 07-11-2017 - 18:29
CVE-2017-15306 4.9
The kvm_vm_ioctl_check_extension function in arch/powerpc/kvm/powerpc.c in the Linux kernel before 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) via a KVM_CHECK_EXTENSION KVM_CAP_PPC_HTM ioctl cal
06-11-2017 - 13:29 06-11-2017 - 13:29
CVE-2017-16535 7.2
The usb_get_bos_descriptor function in drivers/usb/core/config.c in the Linux kernel before 4.13.10 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB devi
03-11-2017 - 21:29 03-11-2017 - 21:29
CVE-2017-15597 9.0
An issue was discovered in Xen through 4.9.x. Grant copying code made an implication that any grant pin would be accompanied by a suitable page reference. Other portions of code, however, did not match up with that assumption. When such a grant copy
30-10-2017 - 10:29 30-10-2017 - 10:29
CVE-2017-15951 7.2
The KEYS subsystem in the Linux kernel before 4.13.10 does not correctly synchronize the actions of updating versus finding a key in the "negative" state to avoid a race condition, which allows local users to cause a denial of service or possibly hav
27-10-2017 - 22:29 27-10-2017 - 22:29
CVE-2017-15906 5.0
The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files.
25-10-2017 - 23:29 25-10-2017 - 23:29
CVE-2017-10388 5.1
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Difficult to exploit vulnerability allows unau
19-10-2017 - 13:29 19-10-2017 - 13:29
CVE-2017-10357 5.0
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows un
19-10-2017 - 13:29 19-10-2017 - 13:29
CVE-2017-10356 2.1
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Easily exploitable
19-10-2017 - 13:29 19-10-2017 - 13:29
CVE-2017-10355 5.0
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Easily exploitabl
19-10-2017 - 13:29 19-10-2017 - 13:29
CVE-2017-10350 5.0
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAX-WS). Supported versions that are affected are Java SE: 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated
19-10-2017 - 13:29 19-10-2017 - 13:29
CVE-2017-10349 5.0
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthentic
19-10-2017 - 13:29 19-10-2017 - 13:29
CVE-2017-10348 5.0
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauth
19-10-2017 - 13:29 19-10-2017 - 13:29
CVE-2017-10347 5.0
Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthentic
19-10-2017 - 13:29 19-10-2017 - 13:29
CVE-2017-10346 6.8
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthen
19-10-2017 - 13:29 19-10-2017 - 13:29
CVE-2017-10345 2.6
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Difficult to e
19-10-2017 - 13:29 19-10-2017 - 13:29
CVE-2017-10295 4.3
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Difficult to expl
19-10-2017 - 13:29 19-10-2017 - 13:29
CVE-2017-10285 6.8
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthentica
19-10-2017 - 13:29 19-10-2017 - 13:29
CVE-2017-10281 5.0
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Easily exploit
19-10-2017 - 13:29 19-10-2017 - 13:29
CVE-2017-10274 4.0
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Smart Card IO). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9. Difficult to exploit vulnerability allows unauthenticated attacker with network acces
19-10-2017 - 13:29 19-10-2017 - 13:29
CVE-2017-15595 7.2
An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS users to cause a denial of service (unbounded recursion, stack consumption, and hypervisor crash) or possibly gain privileges via crafted page-table stacking.
18-10-2017 - 04:29 18-10-2017 - 04:29
CVE-2017-15592 7.2
An issue was discovered in Xen through 4.9.x allowing x86 HVM guest OS users to cause a denial of service (hypervisor crash) or possibly gain privileges because self-linear shadow mappings are mishandled for translated guests.
18-10-2017 - 04:29 18-10-2017 - 04:29
CVE-2017-15289 2.1
The mode4and5 write functions in hw/display/cirrus_vga.c in Qemu allow local OS guest privileged users to cause a denial of service (out-of-bounds write access and Qemu process crash) via vectors related to dst calculation.
16-10-2017 - 14:29 16-10-2017 - 14:29
CVE-2017-15299 4.9
The KEYS subsystem in the Linux kernel through 4.13.7 mishandles use of add_key for a key that already exists but is uninstantiated, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have un
14-10-2017 - 19:29 14-10-2017 - 19:29
CVE-2017-14970 5.0
In lib/ofp-util.c in Open vSwitch (OvS) before 2.8.1, there are multiple memory leaks while parsing malformed OpenFlow group mod messages. NOTE: the vendor disputes the relevance of this report, stating "it can only be triggered by an OpenFlow contro
01-10-2017 - 21:29 01-10-2017 - 21:29
CVE-2017-12146 6.9
The driver_override implementation in drivers/base/platform.c in the Linux kernel before 4.12.1 allows local users to gain privileges by leveraging a race condition between a read operation and a store operation that involve different overrides.
08-09-2017 - 15:29 08-09-2017 - 15:29
CVE-2017-13672 2.1
QEMU (aka Quick Emulator), when built with the VGA display emulator support, allows local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors involving display update.
01-09-2017 - 09:29 01-09-2017 - 09:29
CVE-2017-10198 4.3
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Difficult to exploit v
08-08-2017 - 11:29 08-08-2017 - 11:29
CVE-2017-10193 2.6
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Difficult to exploit vulnerability allows unauthen
08-08-2017 - 11:29 08-08-2017 - 11:29
CVE-2014-3618 7.5
Heap-based buffer overflow in formisc.c in formail in procmail 3.22 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted email header, related to "unbalanced quotes."
06-01-2017 - 22:00 08-09-2014 - 10:55
CVE-2008-1483 6.9
OpenSSH 4.3p2, and probably other versions, allows local users to hijack forwarded X connections by causing ssh to set DISPLAY to :10, even when another process is listening on the associated port, as demonstrated by opening TCP port 6010 (IPv4) and
08-08-2014 - 16:41 24-03-2008 - 19:44
Back to Top Mark selected
Back to Top