LiveActive security incident?Get immediate response
CVE archive

February 2017

Browse CVE records published in February 2017, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 872 matching CVEs · Page 2 of 18.

Unknown · CVSS Not scored

CVE-2017-18093: Various resources in Atlassian Fisheye and Crucible before version 4.4.3 (the fixed version for 4.4.x) and...

Various resources in Atlassian Fisheye and Crucible before version 4.4.3 (the fixed version for 4.4.x) and before 4.5.0 allow remote attackers who have permission to add or modify a repository to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the location setting of a configured repository.

Published Feb 19, 2018 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2017-18087: The download commit resource in Atlassian Bitbucket Server from version 5.1.0 before version 5.1.7, from ve...

The download commit resource in Atlassian Bitbucket Server from version 5.1.0 before version 5.1.7, from version 5.2.0 before version 5.2.5, from version 5.3.0 before version 5.3.3 and from version 5.4.0 before version 5.4.1 allows remote attackers to write files to disk potentially allowing them to gain code execution, exploit CVE-2017-1000117 if a vulnerable version of git is in use, and or determine if an internal service exists via an argument injection vulnerability in the at parameter.

Published Feb 15, 2018 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2017-6279: NVIDIA libnvmmlite_audio.so contains an elevation of privilege vulnerability when running in media server w...

NVIDIA libnvmmlite_audio.so contains an elevation of privilege vulnerability when running in media server which may cause an out of bounds write and could lead to local code execution in a privileged process. This issue is rated as high. Product: Android. Version: N/A. Android: A-65023166. Reference: N-CVE-2017-6279.

Published Feb 6, 2018 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2017-13228: In function ih264d_ref_idx_reordering of libavc, there is an out-of-bounds write due to modCount being defi...

In function ih264d_ref_idx_reordering of libavc, there is an out-of-bounds write due to modCount being defined as an unsigned character. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-69478425.

Published Feb 12, 2018 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2017-13273: In xt_qtaguid.c, there is a race condition due to insufficient locking.

In xt_qtaguid.c, there is a race condition due to insufficient locking. This could lead to local elevation of privileges with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-65853158.

Published Feb 15, 2018 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2017-13230: In hevc codec, there is an out-of-bounds write due to an incorrect bounds check with the i2_pic_width_in_lu...

In hevc codec, there is an out-of-bounds write due to an incorrect bounds check with the i2_pic_width_in_luma_samples value. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-65483665.

Published Feb 12, 2018 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2017-1462: IBM Rhapsody DM 5.0 and 6.0 is vulnerable to cross-site scripting.

IBM Rhapsody DM 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128461.

Published Feb 21, 2018 · Updated Sep 17, 2024