Total
11965 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-5025 | 1 Google | 1 Chrome | 2023-11-07 | 4.3 MEDIUM | 5.5 MEDIUM |
| FFmpeg in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, failed to perform proper bounds checking, which allowed a remote attacker to potentially exploit heap corruption via a crafted video file. | |||||
| CVE-2017-5052 | 5 Apple, Google, Linux and 2 more | 8 Macos, Android, Chrome and 5 more | 2023-11-07 | 6.8 MEDIUM | 8.8 HIGH |
| An incorrect assumption about block structure in Blink in Google Chrome prior to 57.0.2987.133 for Mac, Windows, and Linux, and 57.0.2987.132 for Android, allowed a remote attacker to potentially exploit memory corruption via a crafted HTML page that triggers improper casting. | |||||
| CVE-2017-17482 | 1 Hp | 1 Openvms | 2023-11-07 | 4.6 MEDIUM | 7.8 HIGH |
| An issue was discovered in OpenVMS through V8.4-2L2 on Alpha and through V8.4-2L1 on IA64, and VAX/VMS 4.0 and later. A malformed DCL command table may result in a buffer overflow allowing a local privilege escalation when a non-privileged account enters a crafted command line. This bug is exploitable on VAX and Alpha and may cause a process crash on IA64. Software was affected regardless of whether it was directly shipped by VMS Software, Inc. (VSI), HPE, HP, Compaq, or Digital Equipment Corporation. | |||||
| CVE-2017-17126 | 1 Gnu | 1 Binutils | 2023-11-07 | 6.8 MEDIUM | 7.8 HIGH |
| The load_debug_section function in readelf.c in GNU Binutils 2.29.1 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via an ELF file that lacks section headers. | |||||
| CVE-2017-17858 | 1 Artifex | 1 Mupdf | 2023-11-07 | 6.8 MEDIUM | 7.8 HIGH |
| Heap-based buffer overflow in the ensure_solid_xref function in pdf/pdf-xref.c in Artifex MuPDF 1.12.0 allows a remote attacker to potentially execute arbitrary code via a crafted PDF file, because xref subsection object numbers are unrestricted. | |||||
| CVE-2017-17498 | 1 Graphicsmagick | 1 Graphicsmagick | 2023-11-07 | 6.8 MEDIUM | 8.8 HIGH |
| WritePNMImage in coders/pnm.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (bit_stream.c MagickBitStreamMSBWrite heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file. | |||||
| CVE-2017-18269 | 2 Gnu, Linux | 2 Glibc, Linux Kernel | 2023-11-07 | 7.5 HIGH | 9.8 CRITICAL |
| An SSE2-optimized memmove implementation for i386 in sysdeps/i386/i686/multiarch/memcpy-sse2-unaligned.S in the GNU C Library (aka glibc or libc6) 2.21 through 2.27 does not correctly perform the overlapping memory check if the source memory range spans the middle of the address space, resulting in corrupt data being produced by the copy operation. This may disclose information to context-dependent attackers, or result in a denial of service, or, possibly, code execution. | |||||
| CVE-2017-17124 | 1 Gnu | 1 Binutils | 2023-11-07 | 6.8 MEDIUM | 7.8 HIGH |
| The _bfd_coff_read_string_table function in coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not properly validate the size of the external string table, which allows remote attackers to cause a denial of service (excessive memory consumption, or heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted COFF binary. | |||||
| CVE-2017-18379 | 1 Linux | 1 Linux Kernel | 2023-11-07 | 7.5 HIGH | 9.8 CRITICAL |
| In the Linux kernel before 4.14, an out of boundary access happened in drivers/nvme/target/fc.c. | |||||
| CVE-2017-17121 | 1 Gnu | 1 Binutils | 2023-11-07 | 6.8 MEDIUM | 7.8 HIGH |
| The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (memory access violation) or possibly have unspecified other impact via a COFF binary in which a relocation refers to a location after the end of the to-be-relocated section. | |||||
| CVE-2017-16826 | 1 Gnu | 1 Binutils | 2023-11-07 | 6.8 MEDIUM | 7.8 HIGH |
| The coff_slurp_line_table function in coffcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via a crafted PE file. | |||||
| CVE-2017-15938 | 1 Gnu | 1 Binutils | 2023-11-07 | 5.0 MEDIUM | 7.5 HIGH |
| dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, miscalculates DW_FORM_ref_addr die refs in the case of a relocatable object file, which allows remote attackers to cause a denial of service (find_abstract_instance_name invalid memory read, segmentation fault, and application crash). | |||||
| CVE-2017-16352 | 2 Debian, Graphicsmagick | 2 Debian Linux, Graphicsmagick | 2023-11-07 | 6.8 MEDIUM | 8.8 HIGH |
| GraphicsMagick 1.3.26 is vulnerable to a heap-based buffer overflow vulnerability found in the "Display visual image directory" feature of the DescribeImage() function of the magick/describe.c file. One possible way to trigger the vulnerability is to run the identify command on a specially crafted MIFF format file with the verbose flag. | |||||
| CVE-2017-16927 | 2 Debian, Neutrinolabs | 2 Debian Linux, Xrdp | 2023-11-07 | 7.2 HIGH | 8.4 HIGH |
| The scp_v0s_accept function in sesman/libscp/libscp_v0.c in the session manager in xrdp through 0.9.4 uses an untrusted integer as a write length, which allows local users to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted input stream. | |||||
| CVE-2017-15996 | 1 Gnu | 1 Binutils | 2023-11-07 | 6.8 MEDIUM | 7.8 HIGH |
| elfcomm.c in readelf in GNU Binutils 2.29 allows remote attackers to cause a denial of service (excessive memory allocation) or possibly have unspecified other impact via a crafted ELF file that triggers a "buffer overflow on fuzzed archive header," related to an uninitialized variable, an improper conditional jump, and the get_archive_member_name, process_archive_index_and_symbols, and setup_archive functions. | |||||
| CVE-2017-16827 | 1 Gnu | 1 Binutils | 2023-11-07 | 6.8 MEDIUM | 7.8 HIGH |
| The aout_get_external_symbols function in aoutx.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (slurp_symtab invalid free and application crash) or possibly have unspecified other impact via a crafted ELF file. | |||||
| CVE-2017-15804 | 1 Gnu | 1 Glibc | 2023-11-07 | 7.5 HIGH | 9.8 CRITICAL |
| The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27 contains a buffer overflow during unescaping of user names with the ~ operator. | |||||
| CVE-2017-14493 | 5 Canonical, Debian, Opensuse and 2 more | 7 Ubuntu Linux, Debian Linux, Leap and 4 more | 2023-11-07 | 7.5 HIGH | 9.8 CRITICAL |
| Stack-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DHCPv6 request. | |||||
| CVE-2017-15396 | 4 Debian, Google, Icu-project and 1 more | 6 Debian Linux, Chrome, International Components For Unicode and 3 more | 2023-11-07 | 4.3 MEDIUM | 6.5 MEDIUM |
| A stack buffer overflow in NumberingSystem in International Components for Unicode (ICU) for C/C++ before 60.2, as used in V8 in Google Chrome prior to 62.0.3202.75 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2017-14687 | 2 Artifex, Microsoft | 2 Mupdf, Windows | 2023-11-07 | 6.8 MEDIUM | 7.8 HIGH |
| Artifex MuPDF 1.11 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file, related to "Data from Faulting Address controls Branch Selection starting at mupdf+0x000000000016cb4f" on Windows. This occurs because of mishandling of XML tag name comparisons. | |||||