CWE-17

166 CVEs classified under CWE-17. Browse by severity and year.

Top CVEs for CWE-17
CVESeverityScorePublishedSummary
CVE-2016-10481Critical9.82018-04-18In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, QC…
CVE-2016-10142High8.62017-01-14An issue was discovered in the IPv6 protocol specification, related to ICMP Packet Too Big (PTB) messages. (The scope of this CVE is all affected IPv6 implemen…
CVE-2016-10075High7.82017-01-19The tqdm._version module in tqdm versions 4.4.1 and 4.10 allows local users to execute arbitrary code via a crafted repo with a malicious git log in the curren…
CVE-2015-9213High7.52018-04-18In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MD…
CVE-2015-5229High7.52016-04-08The calloc function in the glibc package in Red Hat Enterprise Linux (RHEL) 6.7 and 7.2 does not properly initialize memory areas, which might allow context-de…
CVE-2015-8547High7.52016-01-08The CoreUserInputHandler::doMode function in core/coreuserinputhandler.cpp in Quassel 0.10.0 allows remote attackers to cause a denial of service (application…
CVE-2015-8027High7.52016-01-02Node.js 0.12.x before 0.12.9, 4.x before 4.2.3, and 5.x before 5.1.1 does not ensure the availability of a parser for each HTTP socket, which allows remote att…
CVE-2015-7410High7.42016-01-01The Health Check tool in IBM Sterling B2B Integrator 5.2 does not properly use cookies in conjunction with HTTPS sessions, which allows man-in-the-middle attac…
CVE-2014-9426High7.32014-12-31The apprentice_load function in libmagic/apprentice.c in the Fileinfo component in PHP through 5.6.4 attempts to perform a free operation on a stack-based char…
CVE-2015-7441Medium6.82016-01-01Remote Artifact Loader (RAL) in IBM WebSphere Process Server 7 and Business Process Manager Advanced 7.5 through 7.5.1.2, 8.0 through 8.0.1.3, 8.5.0 through 8…
CVE-2016-1571Medium6.32016-01-22The paging_invlpg function in include/asm-x86/paging.h in Xen 3.3.x through 4.6.x, when using shadow mode paging or nested virtualization is enabled, allows lo…
CVE-2015-7793Medium5.82015-12-30Corega CG-WLBARAGM devices provide an open proxy service, which allows remote attackers to trigger outbound network traffic via unspecified vectors.
CVE-2016-2169Medium5.32018-04-18Cloud Foundry Cloud Controller, capi-release versions prior to 1.0.0 and cf-release versions prior to v237, contain a business logic flaw. An application devel…
CVE-2016-1940Medium5.32016-01-31Mozilla Firefox before 44.0 on Android allows remote attackers to spoof the address bar via a data: URL that is mishandled during (1) shortcut opening or (2) B…
CVE-2015-4943Medium5.32016-01-01IBM WebSphere MQ Light 1.x before 1.0.2 allows remote attackers to cause a denial of service (MQXR service crash) via a series of connect and disconnect action…
CVE-2015-4941Medium5.32016-01-01IBM WebSphere MQ Light 1.x before 1.0.2 mishandles abbreviated TLS handshakes, which allows remote attackers to cause a denial of service (MQXR service crash)…
CVE-2016-2314Medium4.92016-02-15GlobespanVirata ftpd 1.0, as used on Huawei SmartAX MT882 devices V200R002B022 Arg, allows remote authenticated users to cause a denial of service (device outa…
CVE-2016-1943Medium4.72016-01-31Mozilla Firefox before 44.0 on Android allows remote attackers to spoof the address bar via the scrollTo method.
CVE-2020-3222Medium4.32020-06-03A vulnerability in the web-based user interface (web UI) of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to bypass access control re…
CVE-2016-3721Medium4.32016-05-17Jenkins before 2.3 and LTS before 1.651.2 might allow remote authenticated users to inject arbitrary build parameters into the build environment via environmen…