Total
9187 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-5106 | 6 Apple, Debian, Google and 3 more | 9 Macos, Debian Linux, Android and 6 more | 2023-11-07 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name. | |||||
| CVE-2017-5104 | 4 Apple, Debian, Google and 1 more | 6 Macos, Debian Linux, Chrome and 3 more | 2023-11-07 | 4.3 MEDIUM | 6.5 MEDIUM |
| Inappropriate implementation in interstitials in Google Chrome prior to 60.0.3112.78 for Mac allowed a remote attacker to spoof the contents of the omnibox via a crafted HTML page. | |||||
| CVE-2017-6469 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2023-11-07 | 5.0 MEDIUM | 7.5 HIGH |
| In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is an LDSS dissector crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-ldss.c by ensuring that memory is allocated for a certain data structure. | |||||
| CVE-2017-5122 | 2 Debian, Google | 2 Debian Linux, Chrome | 2023-11-07 | 6.8 MEDIUM | 8.8 HIGH |
| Inappropriate use of table size handling in V8 in Google Chrome prior to 61.0.3163.100 for Windows allowed a remote attacker to trigger out-of-bounds access via a crafted HTML page. | |||||
| CVE-2017-5099 | 3 Debian, Google, Linux | 3 Debian Linux, Chrome, Linux Kernel | 2023-11-07 | 6.8 MEDIUM | 8.8 HIGH |
| Insufficient validation of untrusted input in PPAPI Plugins in Google Chrome prior to 60.0.3112.78 for Mac allowed a remote attacker to potentially gain privilege elevation via a crafted HTML page. | |||||
| CVE-2017-6304 | 2 Debian, Ytnef Project | 2 Debian Linux, Ytnef | 2023-11-07 | 6.8 MEDIUM | 7.8 HIGH |
| An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "7 of 9. Out of Bounds read." | |||||
| CVE-2017-6313 | 3 Debian, Fedoraproject, Gnome | 3 Debian Linux, Fedora, Gdk-pixbuf | 2023-11-07 | 5.8 MEDIUM | 7.1 HIGH |
| Integer underflow in the load_resources function in io-icns.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (out-of-bounds read and program crash) via a crafted image entry size in an ICO file. | |||||
| CVE-2017-5105 | 6 Apple, Debian, Google and 3 more | 9 Macos, Debian Linux, Android and 6 more | 2023-11-07 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name. | |||||
| CVE-2017-6305 | 2 Debian, Ytnef Project | 2 Debian Linux, Ytnef | 2023-11-07 | 6.8 MEDIUM | 7.8 HIGH |
| An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "8 of 9. Out of Bounds read and write." | |||||
| CVE-2017-5205 | 3 Debian, Redhat, Tcpdump | 8 Debian Linux, Enterprise Linux Desktop, Enterprise Linux Server and 5 more | 2023-11-07 | 7.5 HIGH | 9.8 CRITICAL |
| The ISAKMP parser in tcpdump before 4.9.0 has a buffer overflow in print-isakmp.c:ikev2_e_print(). | |||||
| CVE-2017-5202 | 3 Debian, Redhat, Tcpdump | 8 Debian Linux, Enterprise Linux Desktop, Enterprise Linux Server and 5 more | 2023-11-07 | 7.5 HIGH | 9.8 CRITICAL |
| The ISO CLNS parser in tcpdump before 4.9.0 has a buffer overflow in print-isoclns.c:clnp_print(). | |||||
| CVE-2017-6301 | 2 Debian, Ytnef Project | 2 Debian Linux, Ytnef | 2023-11-07 | 6.8 MEDIUM | 7.8 HIGH |
| An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "4 of 9. Out of Bounds Reads." | |||||
| CVE-2017-5093 | 6 Apple, Debian, Google and 3 more | 9 Macos, Debian Linux, Android and 6 more | 2023-11-07 | 4.3 MEDIUM | 6.5 MEDIUM |
| Inappropriate implementation in modal dialog handling in Blink in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to prevent a full screen warning from being displayed via a crafted HTML page. | |||||
| CVE-2017-5991 | 2 Artifex, Debian | 2 Mupdf, Debian Linux | 2023-11-07 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Artifex MuPDF before 1912de5f08e90af1d9d0a9791f58ba3afdb9d465. The pdf_run_xobject function in pdf-op-run.c encounters a NULL pointer dereference during a Fitz fz_paint_pixmap_with_mask painting operation. Versions 1.11 and later are unaffected. | |||||
| CVE-2017-5118 | 6 Apple, Debian, Google and 3 more | 9 Macos, Debian Linux, Android and 6 more | 2023-11-07 | 4.3 MEDIUM | 4.3 MEDIUM |
| Blink in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, failed to correctly propagate CSP restrictions to javascript scheme pages, which allowed a remote attacker to bypass content security policy via a crafted HTML page. | |||||
| CVE-2017-5126 | 2 Debian, Google | 2 Debian Linux, Chrome | 2023-11-07 | 6.8 MEDIUM | 8.8 HIGH |
| A use after free in PDFium in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. | |||||
| CVE-2017-5098 | 6 Apple, Debian, Google and 3 more | 9 Macos, Debian Linux, Android and 6 more | 2023-11-07 | 6.8 MEDIUM | 8.8 HIGH |
| A use after free in V8 in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. | |||||
| CVE-2017-5973 | 3 Debian, Qemu, Redhat | 5 Debian Linux, Qemu, Enterprise Linux and 2 more | 2023-11-07 | 2.1 LOW | 5.5 MEDIUM |
| The xhci_kick_epctx function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (infinite loop and QEMU process crash) via vectors related to control transfer descriptor sequence. | |||||
| CVE-2017-6314 | 3 Debian, Fedoraproject, Gnome | 3 Debian Linux, Fedora, Gdk-pixbuf | 2023-11-07 | 4.3 MEDIUM | 5.5 MEDIUM |
| The make_available_at_least function in io-tiff.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (infinite loop) via a large TIFF file. | |||||
| CVE-2017-6362 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2023-11-07 | 5.0 MEDIUM | 7.5 HIGH |
| Double free vulnerability in the gdImagePngPtr function in libgd2 before 2.2.5 allows remote attackers to cause a denial of service via vectors related to a palette with no colors. | |||||