LiveActive security incident?Get immediate response
CVE archive

February 2017

Browse CVE records published in February 2017, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 872 matching CVEs · Page 1 of 18.

Critical · CVSS 9.8

CVE-2017-7375: A flaw in libxml2 allows remote XML entity inclusion with default parser flags (i.e., when the caller did n...

A flaw in libxml2 allows remote XML entity inclusion with default parser flags (i.e., when the caller did not request entity substitution, DTD validation, external DTD subset loading, or default DTD attributes). Depending on the context, this may expose a higher-risk attack surface in libxml2 not usually reachable with default parser flags, and expose content from local files, HTTP, or FTP servers (which might be otherwise unreachable).

Published Feb 19, 2018 · Updated Dec 3, 2025

Unknown · CVSS Not scored

CVE-2017-14180: Apport 2.13 through 2.20.7 does not properly handle crashes originating from a PID namespace allowing local...

Apport 2.13 through 2.20.7 does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion or possibly gain root privileges, a different vulnerability than CVE-2017-14179.

Published Feb 2, 2018 · Updated Nov 3, 2025

High · CVSS 8.1 · CISA KEV

CVE-2017-0037: Microsoft Internet Explorer 10 and 11 and Microsoft Edge have a type confusion issue in the Layout::MultiCo...

Microsoft Internet Explorer 10 and 11 and Microsoft Edge have a type confusion issue in the Layout::MultiColumnBoxBuilder::HandleColumnBreakOnColumnSpanningElement function in mshtml.dll, which allows remote attackers to execute arbitrary code via vectors involving a crafted Cascading Style Sheets (CSS) token sequence and crafted JavaScript code that operates on a TH element.

Published Feb 26, 2017 · Updated Oct 21, 2025

Critical · CVSS 9.8 · CISA KEV

CVE-2017-18362: ConnectWise ManagedITSync integration through 2017 for Kaseya VSA is vulnerable to unauthenticated remote c...

ConnectWise ManagedITSync integration through 2017 for Kaseya VSA is vulnerable to unauthenticated remote commands that allow full direct access to the Kaseya VSA database. In February 2019, attackers have actively exploited this in the wild to download and execute ransomware payloads on all endpoints managed by the VSA server. If the ManagedIT.asmx page is available via the Kaseya VSA web interface, anyone with access to the page is able to run arbitrary SQL queries, both read and write, without authentication.

Published Feb 5, 2019 · Updated Oct 21, 2025

Medium · CVSS 4

CVE-2017-20176: ciubotaru share-on-diaspora new_window.php cross site scripting

A vulnerability classified as problematic was found in ciubotaru share-on-diaspora 0.7.9. This vulnerability affects unknown code of the file new_window.php. The manipulation of the argument title/url leads to cross site scripting. The attack can be initiated remotely. The name of the patch is fb6fae2f8a9b146471450b5b0281046a17d1ac8d. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-220204.

Published Feb 6, 2023 · Updated Mar 25, 2025

Medium · CVSS 4

CVE-2017-20177: WangGuard Plugin WGG User List wangguard-user-info.php wangguard_users_info cross site scripting

A vulnerability, which was classified as problematic, has been found in WangGuard Plugin 1.8.0 on WordPress. Affected by this issue is the function wangguard_users_info of the file wangguard-user-info.php of the component WGG User List Handler. The manipulation of the argument userIP leads to cross site scripting. The attack may be launched remotely. The patch is identified as 88414951e30773c8d2ec13b99642688284bf3189. It is recommended to apply a patch to fix this issue. VDB-220214 is the identifier assigned to this vulnerability.

Published Feb 6, 2023 · Updated Mar 5, 2025

Unknown · CVSS Not scored

CVE-2017-0911: Twitter Kit for iOS versions 3.0 to 3.2.1 is vulnerable to a callback verification flaw in the "Login with...

Twitter Kit for iOS versions 3.0 to 3.2.1 is vulnerable to a callback verification flaw in the "Login with Twitter" component allowing an attacker to provide alternate credentials. In the final step of "Login with Twitter" authentication information is passed back to the application using the registered custom URL scheme (typically twitterkit-<consumer-key>) on iOS. Because the callback handler did not verify the authenticity of the response, this step is vulnerable to forgery, potentially allowing attacker to associate a Twitter account with a third-party service.

Published Feb 9, 2018 · Updated Sep 17, 2024