Total
11965 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-15409 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more | 2023-11-07 | 6.8 MEDIUM | 8.8 HIGH |
| Heap buffer overflow in Skia in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2017-15398 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more | 2023-11-07 | 7.5 HIGH | 9.8 CRITICAL |
| A stack buffer overflow in the QUIC networking stack in Google Chrome prior to 62.0.3202.89 allowed a remote attacker to gain code execution via a malicious server. | |||||
| CVE-2017-14492 | 5 Canonical, Debian, Novell and 2 more | 7 Ubuntu Linux, Debian Linux, Leap and 4 more | 2023-11-07 | 7.5 HIGH | 9.8 CRITICAL |
| Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted IPv6 router advertisement request. | |||||
| CVE-2017-15418 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more | 2023-11-07 | 4.3 MEDIUM | 4.3 MEDIUM |
| Use of uninitialized memory in Skia in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | |||||
| CVE-2017-15416 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more | 2023-11-07 | 4.3 MEDIUM | 6.5 MEDIUM |
| Heap buffer overflow in Blob API in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, aka a Blink out-of-bounds read. | |||||
| CVE-2017-15406 | 1 Google | 1 Chrome | 2023-11-07 | 6.8 MEDIUM | 8.8 HIGH |
| A stack buffer overflow in V8 in Google Chrome prior to 62.0.3202.75 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. | |||||
| CVE-2017-14686 | 2 Artifex, Microsoft | 2 Mupdf, Windows | 2023-11-07 | 6.8 MEDIUM | 7.8 HIGH |
| Artifex MuPDF 1.11 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to a "User Mode Write AV near NULL starting at wow64!Wow64NotifyDebugger+0x000000000000001d" on Windows. This occurs because read_zip_dir_imp in fitz/unzip.c does not check whether size fields in a ZIP entry are negative numbers. | |||||
| CVE-2017-15408 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more | 2023-11-07 | 6.8 MEDIUM | 8.8 HIGH |
| Heap buffer overflow in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file that is mishandled by PDFium. | |||||
| CVE-2017-15417 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more | 2023-11-07 | 2.6 LOW | 5.3 MEDIUM |
| Inappropriate implementation in Skia canvas composite operations in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |||||
| CVE-2017-15415 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more | 2023-11-07 | 4.3 MEDIUM | 6.5 MEDIUM |
| Incorrect serialization in IPC in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to leak the value of a pointer via a crafted HTML page. | |||||
| CVE-2017-14685 | 2 Artifex, Microsoft | 2 Mupdf, Windows | 2023-11-07 | 6.8 MEDIUM | 7.8 HIGH |
| Artifex MuPDF 1.11 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file, related to "Data from Faulting Address controls Branch Selection starting at mupdf+0x000000000016aa61" on Windows. This occurs because xps_load_links_in_glyphs in xps/xps-link.c does not verify that an xps font could be loaded. | |||||
| CVE-2017-14729 | 1 Gnu | 1 Binutils | 2023-11-07 | 6.8 MEDIUM | 7.8 HIGH |
| The *_get_synthetic_symtab functions in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, do not ensure a unique PLT entry for a symbol, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted ELF file, related to elf32-i386.c and elf64-x86-64.c. | |||||
| CVE-2017-11628 | 1 Php | 1 Php | 2023-11-07 | 6.8 MEDIUM | 7.8 HIGH |
| In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, a stack-based buffer overflow in the zend_ini_do_op() function in Zend/zend_ini_parser.c could cause a denial of service or potentially allow executing code. NOTE: this is only relevant for PHP applications that accept untrusted input (instead of the system's php.ini file) for the parse_ini_string or parse_ini_file function, e.g., a web application for syntax validation of php.ini directives. | |||||
| CVE-2017-12141 | 1 Ytnef Project | 1 Ytnef | 2023-11-07 | 4.3 MEDIUM | 5.5 MEDIUM |
| In ytnef 1.9.2, a heap-based buffer overflow vulnerability was found in the function TNEFFillMapi in ytnef.c, which allows attackers to cause a denial of service via a crafted file. | |||||
| CVE-2017-13064 | 2 Debian, Graphicsmagick | 2 Debian Linux, Graphicsmagick | 2023-11-07 | 4.3 MEDIUM | 6.5 MEDIUM |
| GraphicsMagick 1.3.26 has a heap-based buffer overflow vulnerability in the function GetStyleTokens in coders/svg.c:311:12. | |||||
| CVE-2017-13733 | 1 Gnu | 1 Ncurses | 2023-11-07 | 4.3 MEDIUM | 6.5 MEDIUM |
| There is an illegal address access in the fmt_entry function in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack. | |||||
| CVE-2017-13729 | 1 Gnu | 1 Ncurses | 2023-11-07 | 4.3 MEDIUM | 6.5 MEDIUM |
| There is an illegal address access in the _nc_save_str function in alloc_entry.c in ncurses 6.0. It will lead to a remote denial of service attack. | |||||
| CVE-2017-11309 | 1 Avaya | 1 Ip Office | 2023-11-07 | 6.8 MEDIUM | 9.6 CRITICAL |
| Buffer overflow in the SoftConsole client in Avaya IP Office before 10.1.1 allows remote servers to execute arbitrary code via a long response. | |||||
| CVE-2017-13063 | 2 Debian, Graphicsmagick | 2 Debian Linux, Graphicsmagick | 2023-11-07 | 4.3 MEDIUM | 6.5 MEDIUM |
| GraphicsMagick 1.3.26 has a heap-based buffer overflow vulnerability in the function GetStyleTokens in coders/svg.c:314:12. | |||||
| CVE-2017-10684 | 1 Gnu | 1 Ncurses | 2023-11-07 | 7.5 HIGH | 9.8 CRITICAL |
| In ncurses 6.0, there is a stack-based buffer overflow in the fmt_entry function. A crafted input will lead to a remote arbitrary code execution attack. | |||||