CVEs from 2017
Total
11,609
critical
critical 1,650
high
high 5,044
medium
medium 4,169
low
low 159
% Critical
14.2%
% with KEV
0.7%
% with exploit
9.9%
Top vendors
Top products
- imagemagick 1,426
- joomla\! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-15025 | medium | 5.5 | 5.5 | 9y ago | decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (divide-by-zero error … | |||
| CVE-2017-15024 | medium | 5.5 | 5.5 | 9y ago | find_abstract_instance_name in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite r… | |||
| CVE-2017-15023 | medium | 5.5 | 5.5 | 9y ago | read_formatted_entries in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, does not properly validate the format count, which allows remote atta… | |||
| CVE-2017-15022 | medium | 5.5 | 5.5 | 9y ago | dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, does not validate the DW_AT_name data type, which allows remote attackers to cause a denial of … | |||
| CVE-2017-15021 | medium | 5.5 | 5.5 | 9y ago | bfd_get_debug_link_info_1 in opncls.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (heap-based b… | |||
| CVE-2017-15018 | medium | 5.5 | 5.5 | 9y ago | LAME 3.99.5, 3.99.4, 3.99.3, 3.99.2, 3.99.1, 3.99, 3.98.4, 3.98.2 and 3.98 have a heap-based buffer over-read when handling a malformed file in k_34_4 in vbrquantize.c. | |||
| CVE-2017-1000113 | medium | 5.5 | 5.5 | 9y ago | Jenkins Deploy to container Plugin stored plain text passwords in job configuration | |||
| CVE-2017-14991 | medium | 5.5 | 5.5 | 9y ago | The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel before 4.13.4 allows local users to obtain sensitive information from uninitialized kernel heap-memory locations via an SG_GET_REQUEST_T… | |||
| CVE-2017-0816 | medium | 5.5 | 5.5 | 9y ago | An information disclosure vulnerability in the Android media framework (libeffects). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63662938. | |||
| CVE-2017-0815 | medium | 5.5 | 5.5 | 9y ago | An information disclosure vulnerability in the Android media framework (libeffects). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63526567. | |||
| CVE-2017-14988 | medium | 5.5 | 5.5 | 9y ago | Header::readfrom in IlmImf/ImfHeader.cpp in OpenEXR 2.2.0 allows remote attackers to cause a denial of service (excessive memory allocation) via a crafted file that is accessed with the ImfOpenInputF… | |||
| CVE-2017-14771 | medium | 5.5 | 5.5 | 9y ago | Skybox Manager Client Application prior to 8.5.501 is prone to an arbitrary file upload vulnerability due to insufficient input validation of user-supplied files path when uploading files via the app… | |||
| CVE-2017-14770 | medium | 5.5 | 5.5 | 9y ago | Skybox Manager Client Application prior to 8.5.501 is prone to an information disclosure vulnerability of user password hashes. A local authenticated attacker can access the password hashes in a debu… | |||
| CVE-2017-14974 | medium | 5.5 | 5.5 | 9y ago | The *_get_synthetic_symtab functions in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandle the failure of a certain canonicalization step, which all… | |||
| CVE-2017-14954 | medium | 5.5 | 5.5 | 9y ago | The waitid implementation in kernel/exit.c in the Linux kernel through 4.13.4 accesses rusage data structures in unintended cases, which allows local users to obtain sensitive information, and bypass… | |||
| CVE-2017-14940 | medium | 5.5 | 5.5 | 9y ago | scan_unit_for_symbols in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (NULL pointer der… | |||
| CVE-2017-14938 | medium | 5.5 | 5.5 | 9y ago | _bfd_elf_slurp_version_tables in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive m… | |||
| CVE-2017-14934 | medium | 5.5 | 5.5 | 9y ago | process_debug_info in dwarf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite loop) via a… | |||
| CVE-2017-14933 | medium | 5.5 | 5.5 | 9y ago | read_formatted_entries in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite loop) … | |||
| CVE-2017-14932 | medium | 5.5 | 5.5 | 9y ago | decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite loop) via a … | |||
| CVE-2017-14931 | medium | 5.5 | 5.5 | 9y ago | ExifImageFile::readDQT in ExifImageFileRead.cpp in OpenExif 2.1.4 allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted JPEG file. | |||
| CVE-2017-14930 | medium | 5.5 | 5.5 | 9y ago | Memory leak in decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (memory… | |||
| CVE-2017-14928 | medium | 5.5 | 5.5 | 9y ago | In Poppler 0.59.0, a NULL Pointer Dereference exists in AnnotRichMedia::Configuration::Configuration in Annot.cc via a crafted PDF document. | |||
| CVE-2017-14927 | medium | 5.5 | 5.5 | 9y ago | In Poppler 0.59.0, a NULL Pointer Dereference exists in the SplashOutputDev::type3D0() function in SplashOutputDev.cc via a crafted PDF document. | |||
| CVE-2017-14926 | medium | 5.5 | 5.5 | 9y ago | In Poppler 0.59.0, a NULL Pointer Dereference exists in AnnotRichMedia::Content::Content in Annot.cc via a crafted PDF document. | |||
| CVE-2017-14866 | medium | 5.5 | 5.5 | 9y ago | There is a heap-based buffer overflow in the Exiv2::s2Data function of types.cpp in Exiv2 0.26. A Crafted input will lead to a denial of service attack. | |||
| CVE-2017-14865 | medium | 5.5 | 5.5 | 9y ago | There is a heap-based buffer overflow in the Exiv2::us2Data function of types.cpp in Exiv2 0.26. A Crafted input will lead to a denial of service attack. | |||
| CVE-2017-14864 | medium | 5.5 | 5.5 | 9y ago | An Invalid memory address dereference was discovered in Exiv2::getULong in types.cpp in Exiv2 0.26. The vulnerability causes a segmentation fault and application crash, which leads to denial of servi… | |||
| CVE-2017-14863 | medium | 5.5 | 5.5 | 9y ago | A NULL pointer dereference was discovered in Exiv2::Image::printIFDStructure in image.cpp in Exiv2 0.26. The vulnerability causes a segmentation fault and application crash, which leads to denial of … | |||
| CVE-2017-14862 | medium | 5.5 | 5.5 | 9y ago | An Invalid memory address dereference was discovered in Exiv2::DataValue::read in value.cpp in Exiv2 0.26. The vulnerability causes a segmentation fault and application crash, which leads to denial o… | |||
| CVE-2017-14861 | medium | 5.5 | 5.5 | 9y ago | There is a stack consumption vulnerability in the Exiv2::Internal::stringFormat function of image.cpp in Exiv2 0.26. A Crafted input will lead to a remote denial of service attack. | |||
| CVE-2017-14860 | medium | 5.5 | 5.5 | 9y ago | There is a heap-based buffer over-read in the Exiv2::Jp2Image::readMetadata function of jp2image.cpp in Exiv2 0.26. A Crafted input will lead to a denial of service attack. | |||
| CVE-2017-14859 | medium | 5.5 | 5.5 | 9y ago | An Invalid memory address dereference was discovered in Exiv2::StringValueBase::read in value.cpp in Exiv2 0.26. The vulnerability causes a segmentation fault and application crash, which leads to de… | |||
| CVE-2017-14858 | medium | 5.5 | 5.5 | 9y ago | There is a heap-based buffer overflow in the Exiv2::l2Data function of types.cpp in Exiv2 0.26. A Crafted input will lead to a denial of service attack. | |||
| CVE-2017-14857 | medium | 5.5 | 5.5 | 9y ago | In Exiv2 0.26, there is an invalid free in the Image class in image.cpp that leads to a Segmentation fault. A crafted input will lead to a denial of service attack. | |||
| CVE-2017-1000252 | medium | 5.5 | 5.5 | 9y ago | The KVM subsystem in the Linux kernel through 4.13.3 allows guest OS users to cause a denial of service (assertion failure, and hypervisor hang or crash) via an out-of bounds guest_irq value, related… | |||
| CVE-2017-9959 | medium | 5.5 | 5.5 | 9y ago | A vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which the system accepts reboot in session from unauthenticated users, supporting a denial of serv… | |||
| CVE-2017-7972 | medium | 5.5 | 5.5 | 9y ago | A vulnerability exists in Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 that allows the ability to… | |||
| CVE-2017-14737 | medium | 5.5 | 5.5 | 9y ago | A cryptographic cache-based side channel in the RSA implementation in Botan before 1.10.17, and 1.11.x and 2.x before 2.3.0, allows a local attacker to recover information about RSA secret keys, as d… | |||
| CVE-2017-6271 | medium | 5.5 | 5.5 | 9y ago | NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer handler for DxgkDdiCreateAllocation where untrusted user input is used as a divisor without validation while proces… | |||
| CVE-2017-6270 | medium | 5.5 | 5.5 | 9y ago | NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer handler for DxgkDdiCreateAllocation where untrusted user input is used as a divisor without validation during a cal… | |||
| CVE-2017-6267 | medium | 5.5 | 5.5 | 9y ago | NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer handler where an incorrect initialization of internal objects can cause an infinite loop which may lead to a denial of serv… | |||
| CVE-2017-6266 | medium | 5.5 | 5.5 | 9y ago | NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer handler where improper access controls could allow unprivileged users to cause a denial of service. | |||
| CVE-2017-14681 | medium | 5.5 | 5.5 | 9y ago | The daemon in P3Scan 3.0_rc1 and earlier creates a p3scan.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to t… | |||
| CVE-2017-14649 | medium | 5.5 | 5.5 | 9y ago | ReadOneJNGImage in coders/png.c in GraphicsMagick version 1.3.26 does not properly validate JNG data, leading to a denial of service (assertion failure in magick/pixel_cache.c, and application crash). | |||
| CVE-2017-11040 | medium | 5.5 | 5.5 | 9y ago | In all Qualcomm products with Android releases from CAF using the Linux kernel, when reading from sysfs nodes, one can read more information than it is allowed to. | |||
| CVE-2017-11002 | medium | 5.5 | 5.5 | 9y ago | In all Qualcomm products with Android releases from CAF using the Linux kernel, while processing a vendor sub-command, a buffer over-read can occur. | |||
| CVE-2017-11001 | medium | 5.5 | 5.5 | 9y ago | In all Qualcomm products with Android releases from CAF using the Linux kernel, the length of the MAC address is not checked which may cause out of bounds read. | |||
| CVE-2017-10996 | medium | 5.5 | 5.5 | 9y ago | In all Qualcomm products with Android releases from CAF using the Linux kernel, out of bounds access is possible in c_show(), due to compat_hwcap_str[] not being NULL-terminated. This error is not fa… | |||
| CVE-2017-14529 | medium | 5.5 | 5.5 | 9y ago | The pe_print_idata function in peXXigen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles HintName vector entries, which allows remote attack… | |||
| CVE-2017-14517 | medium | 5.5 | 5.5 | 9y ago | In Poppler 0.59.0, a NULL Pointer Dereference exists in the XRef::parseEntry() function in XRef.cc via a crafted PDF document. | |||
| CVE-2017-4925 | medium | 5.5 | 5.5 | 9y ago | VMware ESXi 6.5 without patch ESXi650-201707101-SG, ESXi 6.0 without patch ESXi600-201706101-SG, ESXi 5.5 without patch ESXi550-201709101-SG, Workstation (12.x before 12.5.3), Fusion (8.x before 8.5.… | |||
| CVE-2017-14340 | medium | 5.5 | 5.5 | 9y ago | The XFS_IS_REALTIME_INODE macro in fs/xfs/xfs_linux.h in the Linux kernel before 4.13.2 does not verify that a filesystem has a realtime device, which allows local users to cause a denial of service … | |||
| CVE-2017-14483 | medium | 5.5 | 5.5 | 9y ago | flower.initd in the Gentoo dev-python/flower package before 0.9.1-r1 for Celery Flower sets PID file ownership to a non-root account, which might allow local users to kill arbitrary processes by leve… | |||
| CVE-2017-14431 | medium | 5.5 | 5.5 | 9y ago | Memory leak in Xen 3.3 through 4.8.x allows guest OS users to cause a denial of service (ARM or x86 AMD host OS memory consumption) by continually rebooting, because certain cleanup is skipped if no … | |||
| CVE-2017-7560 | medium | 5.5 | 5.5 | 9y ago | It was found that rhnsd PID files are created as world-writable that allows local attackers to fill the disks or to kill selected processes. | |||
| CVE-2017-6007 | medium | 5.5 | 5.5 | 9y ago | A kernel pool overflow in the driver hitmanpro37.sys in Sophos SurfRight HitmanPro before 3.7.20 Build 286 (included in the HitmanPro.Alert solution and Sophos Clean) allows local users to crash the … | |||
| CVE-2017-14410 | medium | 5.5 | 5.5 | 9y ago | A buffer over-read was discovered in III_i_stereo in layer3.c in mpglibDBL, as used in MP3Gain version 1.5.2. The vulnerability causes an application crash, which leads to remote denial of service. | |||
| CVE-2017-14408 | medium | 5.5 | 5.5 | 9y ago | A stack-based buffer over-read was discovered in dct36 in layer3.c in mpglibDBL, as used in MP3Gain version 1.5.2. The vulnerability causes an application crash, which leads to remote denial of servi… | |||
| CVE-2017-14407 | medium | 5.5 | 5.5 | 9y ago | A stack-based buffer over-read was discovered in filterYule in gain_analysis.c in MP3Gain version 1.5.2. The vulnerability causes an application crash, which leads to remote denial of service. | |||
| CVE-2017-14406 | medium | 5.5 | 5.5 | 9y ago | A NULL pointer dereference was discovered in sync_buffer in interface.c in mpglibDBL, as used in MP3Gain version 1.5.2. The vulnerability causes a segmentation fault and application crash, which lead… | |||
| CVE-2017-8710 | medium | 5.5 | 5.5 | 9y ago | The Microsoft Common Console Document (.msc) in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1 allows an attacker to read arbitrary files via an XML external entity (XXE) declaration, du… | |||
| CVE-2017-8688 | medium | 5.5 | 5.5 | 9y ago | Windows GDI+ on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 20… | |||
| CVE-2017-8679 | medium | 5.5 | 5.5 | 9y ago | The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and W… | |||
| CVE-2017-8677 | medium | 5.5 | 5.5 | 9y ago | The Windows GDI+ component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Win… | |||
| CVE-2017-1352 | medium | 5.5 | 5.5 | 9y ago | IBM Maximo Asset Management 7.5 and 7.6 could allow an authenticated user to inject commands into work orders that could be executed by another user that downloads the affected file. IBM X-Force ID: … | |||
| CVE-2017-1000249 | medium | 5.5 | 5.5 | 9y ago | An issue in file() was introduced in commit 9611f31313a93aa036389c5f3b15eea53510d4d1 (Oct 2016) lets an attacker overwrite a fixed 20 bytes stack buffer with a specially crafted .notes section in an … | |||
| CVE-2017-14228 | medium | 5.5 | 5.5 | 9y ago | In Netwide Assembler (NASM) 2.14rc0, there is an illegal address access in the function paste_tokens() in preproc.c, aka a NULL pointer dereference. It will lead to remote denial of service. | |||
| CVE-2017-0793 | medium | 5.5 | 5.5 | 9y ago | A information disclosure vulnerability in the N/A memory subsystem. Product: Android. Versions: Android kernel. Android ID: A-35764946. | |||
| CVE-2017-0780 | medium | 5.5 | 5.5 | 9y ago | A denial of service vulnerability in the Android runtime (android messenger). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-37742976. | |||
| CVE-2017-0779 | medium | 5.5 | 5.5 | 9y ago | A information disclosure vulnerability in the Android media framework (audioflinger). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-38340117. | |||
| CVE-2017-0777 | medium | 5.5 | 5.5 | 9y ago | A information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-38342499. | |||
| CVE-2017-0776 | medium | 5.5 | 5.5 | 9y ago | A information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-38496660. | |||
| CVE-2017-0775 | medium | 5.5 | 5.5 | 9y ago | A denial of service vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62673179. | |||
| CVE-2017-0774 | medium | 5.5 | 5.5 | 9y ago | A denial of service vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-62673844. | |||
| CVE-2017-0773 | medium | 5.5 | 5.5 | 9y ago | A denial of service vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-37615911. | |||
| CVE-2017-0772 | medium | 5.5 | 5.5 | 9y ago | A denial of service vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-38115076. | |||
| CVE-2017-0771 | medium | 5.5 | 5.5 | 9y ago | A denial of service vulnerability in the Android media framework (libskia). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-37624243. | |||
| CVE-2017-12912 | medium | 5.5 | 5.5 | 9y ago | The "mpglibDBL/layer3.c" file in MP3Gain 1.5.2.r2 has a vulnerability which results in a read access violation when opening a crafted MP3 file. | |||
| CVE-2017-12911 | medium | 5.5 | 5.5 | 9y ago | The "apetag.c" file in MP3Gain 1.5.2.r2 has a vulnerability which results in a stack memory corruption when opening a crafted MP3 file. | |||
| CVE-2017-12476 | medium | 5.5 | 5.5 | 9y ago | The AP4_AvccAtom::InspectFields function in Core/Ap4AvccAtom.cpp in Bento4 mp4dump before 1.5.0-616 allows remote attackers to cause a denial of service (NULL pointer dereference and application cras… | |||
| CVE-2017-12475 | medium | 5.5 | 5.5 | 9y ago | The AP4_Processor::Process function in Core/Ap4Processor.cpp in Bento4 mp4encrypt before 1.5.0-616 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash… | |||
| CVE-2017-12474 | medium | 5.5 | 5.5 | 9y ago | The AP4_AtomSampleTable::GetSample function in Core/Ap4AtomSampleTable.cpp in Bento4 mp42ts before 1.5.0-616 allows remote attackers to cause a denial of service (NULL pointer dereference and applica… | |||
| CVE-2017-14156 | medium | 5.5 | 5.5 | 9y ago | The atyfb_ioctl function in drivers/video/fbdev/aty/atyfb_base.c in the Linux kernel through 4.12.10 does not initialize a certain data structure, which allows local users to obtain sensitive informa… | |||
| CVE-2017-14140 | medium | 5.5 | 5.5 | 9y ago | The move_pages system call in mm/migrate.c in the Linux kernel before 4.12.9 doesn't check the effective uid of the target process, enabling a local attacker to learn the memory layout of a setuid ex… | |||
| CVE-2017-14108 | medium | 5.5 | 5.5 | 9y ago | libgedit.a in GNOME gedit through 3.22.1 allows remote attackers to cause a denial of service (CPU consumption) via a file that begins with many '\0' characters. | |||
| CVE-2017-14130 | medium | 5.5 | 5.5 | 9y ago | The _bfd_elf_parse_attributes function in elf-attrs.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of servi… | |||
| CVE-2017-14129 | medium | 5.5 | 5.5 | 9y ago | The read_section function in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (parse_comp_u… | |||
| CVE-2017-14128 | medium | 5.5 | 5.5 | 9y ago | The decode_line_info function in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (read_1_b… | |||
| CVE-2017-14121 | medium | 5.5 | 5.5 | 9y ago | The DecodeNumber function in unrarlib.c in unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a NULL pointer dereference flaw triggered by a crafted RAR archive. NOTE: this may be the same as one… | |||
| CVE-2017-14106 | medium | 5.5 | 5.5 | 9y ago | The tcp_disconnect function in net/ipv4/tcp.c in the Linux kernel before 4.12 allows local users to cause a denial of service (__tcp_select_window divide-by-zero error and system crash) by triggering… | |||
| CVE-2017-13672 | medium | 5.5 | 5.5 | 9y ago | QEMU (aka Quick Emulator), when built with the VGA display emulator support, allows local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vector… | |||
| CVE-2017-1441 | medium | 5.5 | 5.5 | 9y ago | IBM Emptoris Services Procurement 10.0.0.5 could allow a local user to view sensitive information stored locally due to improper access control. IBM X-Force ID: 128106. | |||
| CVE-2017-13760 | medium | 5.5 | 5.5 | 9y ago | In The Sleuth Kit (TSK) 4.4.2, fls hangs on a corrupt exfat image in tsk_img_read() in tsk/img/img_io.c in libtskimg.a. | |||
| CVE-2017-13757 | medium | 5.5 | 5.5 | 9y ago | The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, does not validate the PLT section size, which allows remote attackers to cause a denial of service (heap-ba… | |||
| CVE-2017-13756 | medium | 5.5 | 5.5 | 9y ago | In The Sleuth Kit (TSK) 4.4.2, opening a crafted disk image triggers infinite recursion in dos_load_ext_table() in tsk/vs/dos.c in libtskvs.a, as demonstrated by mmls. | |||
| CVE-2017-13755 | medium | 5.5 | 5.5 | 9y ago | In The Sleuth Kit (TSK) 4.4.2, opening a crafted ISO 9660 image triggers an out-of-bounds read in iso9660_proc_dir() in tsk/fs/iso9660_dent.c in libtskfs.a, as demonstrated by fls. | |||
| CVE-2017-12797 | medium | 5.5 | 5.5 | 9y ago | Integer overflow in the INT123_parse_new_id3 function in the ID3 parser in mpg123 before 1.25.5 on 32-bit platforms allows remote attackers to cause a denial of service via a crafted file, which trig… | |||
| CVE-2017-13685 | medium | 5.5 | 5.5 | 9y ago | The dump_callback function in SQLite 3.20.0 allows remote attackers to cause a denial of service (EXC_BAD_ACCESS and application crash) via a crafted file. | |||
| CVE-2017-13716 | medium | 5.5 | 5.5 | 9y ago | The C++ symbol demangler routine in cplus-dem.c in libiberty, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application cr… |