CVEs from 2017
Total
11,607
critical
critical 1,650
high
high 5,044
medium
medium 4,169
low
low 159
% Critical
14.2%
% with KEV
0.7%
% with exploit
9.9%
Top vendors
Top products
- imagemagick 1,426
- joomla\! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-0668 | medium | 5.5 | 5.5 | 9y ago | A information disclosure vulnerability in the Android framework. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-22011579. | |||
| CVE-2017-8387 | medium | 5.5 | 5.5 | 9y ago | STDU Viewer version 1.6.375 might allow user-assisted attackers to execute code via a crafted file. One threat model is a victim who obtains an untrusted crafted file from a remote location and issue… | |||
| CVE-2017-1207 | medium | 5.5 | 5.5 | 9y ago | IBM WebSphere Message Broker stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 123777. | |||
| CVE-2017-6705 | medium | 5.5 | 5.5 | 9y ago | A vulnerability in the filesystem of the Cisco Prime Collaboration Provisioning tool could allow an authenticated, local attacker to acquire sensitive information. More Information: CSCvc82973. Known… | |||
| CVE-2017-10800 | medium | 5.5 | 5.5 | 9y ago | When GraphicsMagick 1.3.25 processes a MATLAB image in coders/mat.c, it can lead to a denial of service (OOM) in ReadMATImage() if the size specified for a MAT Object is larger than the actual amount… | |||
| CVE-2017-10799 | medium | 5.5 | 5.5 | 9y ago | When GraphicsMagick 1.3.25 processes a DPX image (with metadata indicating a large width) in coders/dpx.c, a denial of service (OOM) can occur in ReadDPXImage(). | |||
| CVE-2017-10794 | medium | 5.5 | 5.5 | 9y ago | When GraphicsMagick 1.3.25 processes an RGB TIFF picture (with metadata indicating a single sample per pixel) in coders/tiff.c, a buffer overflow occurs, related to QuantumTransferMode. | |||
| CVE-2017-10674 | medium | 5.5 | 5.5 | 9y ago | Antiy Antivirus Engine 5.0.0.06281654 allows local users to cause a denial of service (BSOD) via a long third argument in a DeviceIoControl call. | |||
| CVE-2017-3747 | medium | 5.5 | 5.5 | 9y ago | Privilege escalation vulnerability in Lenovo Nerve Center for Windows 10 on Desktop systems (Lenovo Nerve Center for notebook systems is not affected) that could allow an attacker with local privileg… | |||
| CVE-2017-8575 | medium | 5.5 | 5.5 | 9y ago | The kernel in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application, aka "Microsoft Graphics … | |||
| CVE-2017-9257 | medium | 5.5 | 5.5 | 9y ago | The mp4ff_read_ctts function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a cra… | |||
| CVE-2017-9256 | medium | 5.5 | 5.5 | 9y ago | The mp4ff_read_stco function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a cra… | |||
| CVE-2017-9255 | medium | 5.5 | 5.5 | 9y ago | The mp4ff_read_stsc function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a cra… | |||
| CVE-2017-9254 | medium | 5.5 | 5.5 | 9y ago | The mp4ff_read_stts function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a cra… | |||
| CVE-2017-9253 | medium | 5.5 | 5.5 | 9y ago | The mp4ff_read_stsd function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a cra… | |||
| CVE-2017-9223 | medium | 5.5 | 5.5 | 9y ago | The mp4ff_read_stts function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (invalid memory read and application crash… | |||
| CVE-2017-9222 | medium | 5.5 | 5.5 | 9y ago | The mp4ff_parse_tag function in common/mp4ff/mp4meta.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a … | |||
| CVE-2017-9221 | medium | 5.5 | 5.5 | 9y ago | The mp4ff_read_mdhd function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (invalid memory read and application crash… | |||
| CVE-2017-9220 | medium | 5.5 | 5.5 | 9y ago | The mp4ff_read_stco function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (memory allocation error) via a crafted mp… | |||
| CVE-2017-9219 | medium | 5.5 | 5.5 | 9y ago | The mp4ff_read_stsc function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (memory allocation error and application c… | |||
| CVE-2017-9218 | medium | 5.5 | 5.5 | 9y ago | The mp4ff_read_stsd function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (invalid memory read and application crash… | |||
| CVE-2017-9955 | medium | 5.5 | 5.5 | 9y ago | The get_build_id function in opncls.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (heap-based b… | |||
| CVE-2017-9954 | medium | 5.5 | 5.5 | 9y ago | The getvalue function in tekhex.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (stack-based buff… | |||
| CVE-2017-9929 | medium | 5.5 | 5.5 | 9y ago | In lrzip 0.631, a stack buffer overflow was found in the function get_fileinfo in lrzip.c:1074, which allows attackers to cause a denial of service via a crafted file. | |||
| CVE-2017-9928 | medium | 5.5 | 5.5 | 9y ago | In lrzip 0.631, a stack buffer overflow was found in the function get_fileinfo in lrzip.c:979, which allows attackers to cause a denial of service via a crafted file. | |||
| CVE-2017-9870 | medium | 5.5 | 5.5 | 9y ago | The III_i_stereo function in layer3.c in mpglib, as used in libmpgdecoder.a in LAME 3.99.5 and other products, allows remote attackers to cause a denial of service (buffer over-read and application c… | |||
| CVE-2017-9868 | medium | 5.5 | 5.5 | 9y ago | In Mosquitto through 1.4.12, mosquitto.db (aka the persistence file) is world readable, which allows local users to obtain sensitive MQTT topic information. | |||
| CVE-2017-9865 | medium | 5.5 | 5.5 | 9y ago | The function GfxImageColorMap::getGray in GfxState.cc in Poppler 0.54.0 allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted PDF doc… | |||
| CVE-2017-9847 | medium | 5.5 | 5.5 | 9y ago | The bdecode function in bdecode.cpp in libtorrent 1.1.3 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. | |||
| CVE-2017-1349 | medium | 5.5 | 5.5 | 9y ago | IBM Sterling B2B Integrator Standard Edition 5.2 stores potentially sensitive information from HTTP sessions that could be read by a local user. IBM X-Force ID: 126525. | |||
| CVE-2017-1302 | medium | 5.5 | 5.5 | 9y ago | IBM Sterling B2B Integrator Standard Edition 5.2 could allow a local user view sensitive information due to improper access controls. IBM X-Force ID: 125456. | |||
| CVE-2017-9782 | medium | 5.5 | 5.5 | 9y ago | JasPer 2.0.12 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted image, related to the jp2_decode function in libjasper/jp2/jp2_dec… | |||
| CVE-2017-9778 | medium | 5.5 | 5.5 | 9y ago | GNU Debugger (GDB) 8.0 and earlier fails to detect a negative length field in a DWARF section. A malformed section in an ELF binary or a core file can cause GDB to repeatedly allocate memory until a … | |||
| CVE-2017-9762 | medium | 5.5 | 5.5 | 9y ago | The cmd_info function in libr/core/cmd_info.c in radare2 1.5.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted binary file. | |||
| CVE-2017-9761 | medium | 5.5 | 5.5 | 9y ago | The find_eoq function in libr/core/cmd.c in radare2 1.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted binary file. | |||
| CVE-2017-1000380 | medium | 5.5 | 5.5 | 9y ago | sound/core/timer.c in the Linux kernel before 4.11.5 is vulnerable to a data race in the ALSA /dev/snd/timer driver resulting in local users being able to read information belonging to other users, i… | |||
| CVE-2017-9503 | medium | 5.5 | 5.5 | 9y ago | QEMU (aka Quick Emulator), when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allows local guest OS privileged users to cause a denial of service (NULL pointer dereference and Q… | |||
| CVE-2017-9375 | medium | 5.5 | 5.5 | 9y ago | QEMU (aka Quick Emulator), when built with USB xHCI controller emulator support, allows local guest OS privileged users to cause a denial of service (infinite recursive call) via vectors involving co… | |||
| CVE-2017-9374 | medium | 5.5 | 5.5 | 9y ago | Memory leak in QEMU (aka Quick Emulator), when built with USB EHCI Emulation support, allows local guest OS privileged users to cause a denial of service (memory consumption) by repeatedly hot-unplug… | |||
| CVE-2017-9373 | medium | 5.5 | 5.5 | 9y ago | Memory leak in QEMU (aka Quick Emulator), when built with IDE AHCI Emulation support, allows local guest OS privileged users to cause a denial of service (memory consumption) by repeatedly hot-unplug… | |||
| CVE-2017-8544 | medium | 5.5 | 5.5 | 9y ago | Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attack… | |||
| CVE-2017-8515 | medium | 5.5 | 5.5 | 9y ago | Microsoft Windows 10 1511, 1607, and 1703, and Windows Server 2016 allow an unauthenticated attacker to send a specially crafted kernel mode request to cause a denial of service on the target system,… | |||
| CVE-2017-8508 | medium | 5.5 | 5.5 | 9y ago | A security feature bypass vulnerability exists in Microsoft Office software when it improperly handles the parsing of file formats, aka "Microsoft Office Security Feature Bypass Vulnerability". | |||
| CVE-2017-8493 | medium | 5.5 | 5.5 | 9y ago | Microsoft Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to set variables that are either read-only or requir… | |||
| CVE-2017-0295 | medium | 5.5 | 5.5 | 9y ago | Microsoft Windows 10 1607 and 1703, and Windows Server 2016 allow an authenticated attacker to modify the C:\Users\DEFAULT folder structure, aka "Windows Default Folder Tampering Vulnerability". | |||
| CVE-2017-9617 | medium | 5.5 | 5.5 | 9y ago | In Wireshark 2.2.7, deeply nested DAAP data may cause stack exhaustion (uncontrolled recursion) in the dissect_daap_one_tag function in epan/dissectors/packet-daap.c in the DAAP dissector. | |||
| CVE-2017-9616 | medium | 5.5 | 5.5 | 9y ago | In Wireshark 2.2.7, overly deep mp4 chunks may cause stack exhaustion (uncontrolled recursion) in the dissect_mp4_box function in epan/dissectors/file-mp4.c. | |||
| CVE-2017-0647 | medium | 5.5 | 5.5 | 9y ago | An information disclosure vulnerability in libziparchive could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could b… | |||
| CVE-2017-0646 | medium | 5.5 | 5.5 | 9y ago | An information disclosure vulnerability in Bluetooth component could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate due to detai… | |||
| CVE-2017-0645 | medium | 5.5 | 5.5 | 9y ago | An elevation of privilege vulnerability in Bluetooth could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it is a local … | |||
| CVE-2017-0644 | medium | 5.5 | 5.5 | 9y ago | A remote denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the poss… | |||
| CVE-2017-0643 | medium | 5.5 | 5.5 | 9y ago | A remote denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the poss… | |||
| CVE-2017-0642 | medium | 5.5 | 5.5 | 9y ago | A remote denial of service vulnerability in libhevc in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due … | |||
| CVE-2017-0641 | medium | 5.5 | 5.5 | 9y ago | A remote denial of service vulnerability in libvpx in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due t… | |||
| CVE-2017-0640 | medium | 5.5 | 5.5 | 9y ago | A remote denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the poss… | |||
| CVE-2017-0639 | medium | 5.5 | 5.5 | 9y ago | An information disclosure vulnerability in Bluetooth component could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it is a … | |||
| CVE-2017-8239 | medium | 5.5 | 5.5 | 9y ago | In all Android releases from CAF using the Linux kernel, userspace-controlled parameters for flash initialization are not sanitized potentially leading to exposure of kernel memory. | |||
| CVE-2017-8235 | medium | 5.5 | 5.5 | 9y ago | In all Android releases from CAF using the Linux kernel, a memory structure in a camera driver is not properly protected. | |||
| CVE-2017-7366 | medium | 5.5 | 5.5 | 9y ago | In all Android releases from CAF using the Linux kernel, a KGSL ioctl was not validating all of its parameters. | |||
| CVE-2017-9605 | medium | 5.5 | 5.5 | 9y ago | The vmw_gb_surface_define_ioctl function (accessible via DRM_IOCTL_VMW_GB_SURFACE_CREATE) in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.11.4 defines a backup_handle variabl… | |||
| CVE-2017-6696 | medium | 5.5 | 5.5 | 9y ago | A vulnerability in the file system of Cisco Elastic Services Controllers could allow an authenticated, local attacker to gain access to sensitive user credentials that are stored in an affected syste… | |||
| CVE-2017-6695 | medium | 5.5 | 5.5 | 9y ago | A vulnerability in the ConfD server in Cisco Ultra Services Platform could allow an authenticated, local attacker to view sensitive information. More Information: CSCvd29398. Known Affected Releases:… | |||
| CVE-2017-6694 | medium | 5.5 | 5.5 | 9y ago | A vulnerability in the Virtual Network Function Manager's (VNFM) logging function of Cisco Ultra Services Platform could allow an authenticated, local attacker to view sensitive data (cleartext crede… | |||
| CVE-2017-6693 | medium | 5.5 | 5.5 | 9y ago | A vulnerability in the ConfD server component of Cisco Elastic Services Controllers could allow an authenticated, local attacker to access information stored in the file system of an affected system,… | |||
| CVE-2017-9520 | medium | 5.5 | 5.5 | 9y ago | The r_config_set function in libr/config/config.c in radare2 1.5.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted DEX file. | |||
| CVE-2017-4900 | medium | 5.5 | 5.5 | 9y ago | VMware Workstation Pro/Player 12.x before 12.5.3 contains a NULL pointer dereference vulnerability that exists in the SVGA driver. Successful exploitation of this issue may allow attackers with norma… | |||
| CVE-2017-9474 | medium | 5.5 | 5.5 | 9y ago | In ytnef 1.9.2, the DecompressRTF function in lib/ytnef.c allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. | |||
| CVE-2017-9473 | medium | 5.5 | 5.5 | 9y ago | In ytnef 1.9.2, the TNEFFillMapi function in lib/ytnef.c allows remote attackers to cause a denial of service (memory consumption) via a crafted file. | |||
| CVE-2017-9472 | medium | 5.5 | 5.5 | 9y ago | In ytnef 1.9.2, the SwapDWord function in lib/ytnef.c allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. | |||
| CVE-2017-9471 | medium | 5.5 | 5.5 | 9y ago | In ytnef 1.9.2, the SwapWord function in lib/ytnef.c allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. | |||
| CVE-2017-9470 | medium | 5.5 | 5.5 | 9y ago | In ytnef 1.9.2, the MAPIPrint function in lib/ytnef.c allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file. | |||
| CVE-2017-7515 | medium | 5.5 | 5.5 | 9y ago | poppler through version 0.55.0 is vulnerable to an uncontrolled recursion in pdfunite resulting into potential denial-of-service. | |||
| CVE-2017-3740 | medium | 5.5 | 5.5 | 9y ago | In Lenovo Active Protection System before 1.82.0.14, an attacker with local privileges could send commands to the system's embedded controller, which could cause a denial of service attack on the sys… | |||
| CVE-2017-9060 | medium | 5.5 | 5.5 | 9y ago | Memory leak in the virtio_gpu_set_scanout function in hw/display/virtio-gpu.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (memory consumption) via a large nu… | |||
| CVE-2017-4897 | medium | 5.5 | 5.5 | 9y ago | VMware Horizon DaaS before 7.0.0 contains a vulnerability that exists due to insufficient validation of data. An attacker may exploit this issue by tricking DaaS client users into connecting to a mal… | |||
| CVE-2017-7511 | medium | 5.5 | 5.5 | 9y ago | poppler since version 0.17.3 has been vulnerable to NULL pointer dereference in pdfunite triggered by specially crafted documents. | |||
| CVE-2017-9302 | medium | 5.5 | 5.5 | 9y ago | RealPlayer 16.0.2.32 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted mp4 file. | |||
| CVE-2017-9242 | medium | 5.5 | 5.5 | 9y ago | The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel through 4.11.3 is too late in checking whether an overwrite of an skb data structure may occur, which allows local users to… | |||
| CVE-2017-8542 | medium | 5.5 | 5.5 | 9y ago | The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and… | |||
| CVE-2017-8539 | medium | 5.5 | 5.5 | 9y ago | The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and… | |||
| CVE-2017-8314 | medium | 5.5 | 5.5 | 9y ago | Directory Traversal in Zip Extraction built-in function in Kodi 17.1 and earlier allows arbitrary file write on disk via a Zip file as subtitles. | |||
| CVE-2017-8313 | medium | 5.5 | 5.5 | 9y ago | Heap out-of-bound read in ParseJSS in VideoLAN VLC before 2.2.5 due to missing check of string termination allows attackers to read data beyond allocated memory and potentially crash the process via … | |||
| CVE-2017-8312 | medium | 5.5 | 5.5 | 9y ago | multiple issues in vlc | |||
| CVE-2017-8310 | medium | 5.5 | 5.5 | 9y ago | multiple issues in vlc | |||
| CVE-2017-9211 | medium | 5.5 | 5.5 | 9y ago | The crypto_skcipher_init_tfm function in crypto/skcipher.c in the Linux kernel through 4.11.2 relies on a setkey function that lacks a key-size check, which allows local users to cause a denial of se… | |||
| CVE-2017-9210 | medium | 5.5 | 5.5 | 9y ago | libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document, related to unparse functions, aka qpdf-infiniteloop… | |||
| CVE-2017-9209 | medium | 5.5 | 5.5 | 9y ago | libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document, related to QPDFObjectHandle::parseInternal, aka qpd… | |||
| CVE-2017-9208 | medium | 5.5 | 5.5 | 9y ago | libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document, related to releaseResolved functions, aka qpdf-infi… | |||
| CVE-2017-6990 | medium | 5.5 | 5.5 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "HFS" component. It allows attackers to bypass intended memory-read restrictions via a craf… | |||
| CVE-2017-6987 | medium | 5.5 | 5.5 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involve… | |||
| CVE-2017-2540 | medium | 5.5 | 5.5 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "WindowServer" component. It allows attackers to bypass intended memory-read restrictions v… | |||
| CVE-2017-2507 | medium | 5.5 | 5.5 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involve… | |||
| CVE-2017-2502 | medium | 5.5 | 5.5 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involve… | |||
| CVE-2017-9059 | medium | 5.5 | 5.5 | 9y ago | The NFSv4 implementation in the Linux kernel through 4.11.1 allows local users to cause a denial of service (resource consumption) by leveraging improper channel callback shutdown when unmounting an … | |||
| CVE-2017-9044 | medium | 5.5 | 5.5 | 9y ago | The print_symbol_for_build_attribute function in readelf.c in GNU Binutils 2017-04-12 allows remote attackers to cause a denial of service (invalid read and SEGV) via a crafted ELF file. | |||
| CVE-2017-9041 | medium | 5.5 | 5.5 | 9y ago | GNU Binutils 2.28 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to MIPS GOT mishandling in the process_mips_… | |||
| CVE-2017-9040 | medium | 5.5 | 5.5 | 9y ago | GNU Binutils 2017-04-03 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash), related to the process_mips_specific function in readelf.c, via a crafte… | |||
| CVE-2017-9039 | medium | 5.5 | 5.5 | 9y ago | GNU Binutils 2.28 allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file with many program headers, related to the get_program_headers function in readelf.c. | |||
| CVE-2017-9038 | medium | 5.5 | 5.5 | 9y ago | GNU Binutils 2.28 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to the byte_get_little_endian function in el… | |||
| CVE-2017-8382 | medium | 4.5 | 5.5 | 9y ago | admidio CSRF Vulnerability |