Total
8120 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-5100 | 4 Debian, Google, Microsoft and 1 more | 6 Debian Linux, Chrome, Windows and 3 more | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
A use after free in Apps in Google Chrome prior to 60.0.3112.78 for Windows allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. | |||||
CVE-2018-5764 | 3 Canonical, Debian, Samba | 3 Ubuntu Linux, Debian Linux, Rsync | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
The parse_arguments function in options.c in rsyncd in rsync before 3.1.3 does not prevent multiple --protect-args uses, which allows remote attackers to bypass an argument-sanitization protection mechanism. | |||||
CVE-2017-14975 | 2 Debian, Freedesktop | 2 Debian Linux, Poppler | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
The FoFiType1C::convertToType0 function in FoFiType1C.cc in Poppler 0.59.0 has a NULL pointer dereference vulnerability because a data structure is not initialized, which allows an attacker to launch a denial of service attack. | |||||
CVE-2017-13777 | 2 Debian, Graphicsmagick | 2 Debian Linux, Graphicsmagick | 2024-02-04 | 7.1 HIGH | 6.5 MEDIUM |
GraphicsMagick 1.3.26 has a denial of service issue in ReadXBMImage() in a coders/xbm.c "Read hex image data" version==10 case that results in the reader not returning; it would cause large amounts of CPU and memory consumption although the crafted file itself does not request it. | |||||
CVE-2017-8814 | 2 Debian, Mediawiki | 2 Debian Linux, Mediawiki | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
The language converter in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows attackers to replace text inside tags via a rule definition followed by "a lot of junk." | |||||
CVE-2017-14039 | 2 Debian, Uclouvain | 2 Debian Linux, Openjpeg | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
A heap-based buffer overflow was discovered in the opj_t2_encode_packet function in lib/openjp2/t2.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly unspecified other impact. | |||||
CVE-2017-1000251 | 4 Debian, Linux, Nvidia and 1 more | 10 Debian Linux, Linux Kernel, Jetson Tk1 and 7 more | 2024-02-04 | 7.7 HIGH | 8.0 HIGH |
The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the Linux kernel version 2.6.32 and up to and including 4.13.1, are vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space. | |||||
CVE-2017-13090 | 2 Debian, Gnu | 2 Debian Linux, Wget | 2024-02-04 | 9.3 HIGH | 8.8 HIGH |
The retr.c:fd_read_body() function is called when processing OK responses. When the response is sent chunked in wget before 1.19.2, the chunk parser uses strtol() to read each chunk's length, but doesn't check that the chunk length is a non-negative number. The code then tries to read the chunk in pieces of 8192 bytes by using the MIN() macro, but ends up passing the negative chunk length to retr.c:fd_read(). As fd_read() takes an int argument, the high 32 bits of the chunk length are discarded, leaving fd_read() with a completely attacker controlled length argument. The attacker can corrupt malloc metadata after the allocated buffer. | |||||
CVE-2017-9403 | 3 Canonical, Debian, Libtiff | 3 Ubuntu Linux, Debian Linux, Libtiff | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
In LibTIFF 4.0.7, a memory leak vulnerability was found in the function TIFFReadDirEntryLong8Array in tif_dirread.c, which allows attackers to cause a denial of service via a crafted file. | |||||
CVE-2017-5103 | 6 Apple, Debian, Google and 3 more | 8 Macos, Debian Linux, Chrome and 5 more | 2024-02-04 | 4.3 MEDIUM | 4.3 MEDIUM |
Use of an uninitialized value in Skia in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | |||||
CVE-2017-12902 | 3 Debian, Redhat, Tcpdump | 5 Debian Linux, Enterprise Linux Desktop, Enterprise Linux Server and 2 more | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
The Zephyr parser in tcpdump before 4.9.2 has a buffer over-read in print-zephyr.c, several functions. | |||||
CVE-2017-13721 | 2 Debian, X.org | 2 Debian Linux, Xorg-server | 2024-02-04 | 1.9 LOW | 4.7 MEDIUM |
In X.Org Server (aka xserver and xorg-server) before 1.19.4, an attacker authenticated to an X server with the X shared memory extension enabled can cause aborts of the X server or replace shared memory segments of other X clients in the same session. | |||||
CVE-2017-0900 | 3 Debian, Redhat, Rubygems | 8 Debian Linux, Enterprise Linux Desktop, Enterprise Linux Server and 5 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications to cause a denial of service attack against RubyGems clients who have issued a `query` command. | |||||
CVE-2017-9022 | 3 Canonical, Debian, Strongswan | 3 Ubuntu Linux, Debian Linux, Strongswan | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
The gmp plugin in strongSwan before 5.5.3 does not properly validate RSA public keys before calling mpz_powm_sec, which allows remote peers to cause a denial of service (floating point exception and process crash) via a crafted certificate. | |||||
CVE-2017-14245 | 2 Debian, Libsndfile Project | 2 Debian Linux, Libsndfile | 2024-02-04 | 5.8 MEDIUM | 8.1 HIGH |
An out of bounds read in the function d2alaw_array() in alaw.c of libsndfile 1.0.28 may lead to a remote DoS attack or information disclosure, related to mishandling of the NAN and INFINITY floating-point values. | |||||
CVE-2017-9988 | 2 Debian, Libming | 2 Debian Linux, Libming | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
The readEncUInt30 function in util/read.c in libming 0.4.8 mishandles memory allocation. A crafted input will lead to a remote denial of service (NULL pointer dereference) attack against parser.c. | |||||
CVE-2017-14166 | 3 Canonical, Debian, Libarchive | 3 Ubuntu Linux, Debian Linux, Libarchive | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
libarchive 3.3.2 allows remote attackers to cause a denial of service (xml_data heap-based buffer over-read and application crash) via a crafted xar archive, related to the mishandling of empty strings in the atol8 function in archive_read_support_format_xar.c. | |||||
CVE-2017-14064 | 4 Canonical, Debian, Redhat and 1 more | 9 Ubuntu Linux, Debian Linux, Enterprise Linux Desktop and 6 more | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
Ruby through 2.2.7, 2.3.x through 2.3.4, and 2.4.x through 2.4.1 can expose arbitrary memory during a JSON.generate call. The issues lies in using strdup in ext/json/ext/generator/generator.c, which will stop after encountering a '\0' byte, returning a pointer to a string of length zero, which is not the length stored in space_len. | |||||
CVE-2017-3737 | 2 Debian, Openssl | 2 Debian Linux, Openssl | 2024-02-04 | 4.3 MEDIUM | 5.9 MEDIUM |
OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an "error state" mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and would immediately fail if you attempted to continue the handshake. This works as designed for the explicit handshake functions (SSL_do_handshake(), SSL_accept() and SSL_connect()), however due to a bug it does not work correctly if SSL_read() or SSL_write() is called directly. In that scenario, if the handshake fails then a fatal error will be returned in the initial function call. If SSL_read()/SSL_write() is subsequently called by the application for the same SSL object then it will succeed and the data is passed without being decrypted/encrypted directly from the SSL/TLS record layer. In order to exploit this issue an application bug would have to be present that resulted in a call to SSL_read()/SSL_write() being issued after having already received a fatal error. OpenSSL version 1.0.2b-1.0.2m are affected. Fixed in OpenSSL 1.0.2n. OpenSSL 1.1.0 is not affected. | |||||
CVE-2017-12137 | 3 Citrix, Debian, Xen | 3 Xenserver, Debian Linux, Xen | 2024-02-04 | 7.2 HIGH | 8.8 HIGH |
arch/x86/mm.c in Xen allows local PV guest OS users to gain host OS privileges via vectors related to map_grant_ref. |