CVEs from 2017
Total
11,665
critical
critical 1,647
high
high 5,041
medium
medium 4,168
low
low 159
% Critical
14.1%
% with KEV
0.7%
% with exploit
9.8%
Top vendors
Top products
- imagemagick 1,426
- joomla\! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-3746 | high | 7.8 | 7.8 | 9y ago | ThinkPad USB 3.0 Ethernet Adapter (part number 4X90E51405) driver, various versions, was found to contain a privilege escalation vulnerability that could allow a local user to execute arbitrary code … | |||
| CVE-2017-2242 | high | 7.8 | 7.8 | 9y ago | Untrusted search path vulnerability in Flets Setsuzoku Tool for Windows all versions allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||
| CVE-2017-10836 | high | 7.8 | 7.8 | 9y ago | Untrusted search path vulnerability in Optimal Guard 1.1.21 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||
| CVE-2017-10831 | high | 7.8 | 7.8 | 9y ago | Untrusted search path vulnerability in The electronic authentication system based on the commercial registration system "The CRCA user's Software" Ver1.8 and earlier allows an attacker to gain privil… | |||
| CVE-2017-10830 | high | 7.8 | 7.8 | 9y ago | Untrusted search path vulnerability in Security Setup Tool all versions allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||
| CVE-2017-10828 | high | 7.8 | 7.8 | 9y ago | Untrusted search path vulnerability in Flets Install Tool all versions distributed through the website till 2017 August 8 allows an attacker to gain privileges via a Trojan horse DLL in an unspecifie… | |||
| CVE-2017-10827 | high | 7.8 | 7.8 | 9y ago | Untrusted search path vulnerability in Flets Azukeru for Windows Auto Backup Tool v1.0.3.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||
| CVE-2017-10826 | high | 7.8 | 7.8 | 9y ago | Untrusted search path vulnerability in Security Kinou Mihariban v1.0.21 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||
| CVE-2017-10812 | high | 7.8 | 7.8 | 9y ago | Untrusted search path vulnerability in Photo Collection PC Software Ver.4.0.2 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||
| CVE-2017-12840 | high | 7.8 | 7.8 | 9y ago | A kernel driver, namely DLMFENC.sys, bundled with the DESLock+ client application 4.8.16 and earlier contains a locally exploitable heap based buffer overflow in the handling of an IOCTL message of t… | |||
| CVE-2017-12595 | high | 7.8 | 7.8 | 9y ago | The tokenizer in QPDF 6.0.0 and 7.0.b1 is recursive for arrays and dictionaries, which allows remote attackers to cause a denial of service (stack consumption and segmentation fault) or possibly have… | |||
| CVE-2017-13686 | high | 7.8 | 7.8 | 9y ago | net/ipv4/route.c in the Linux kernel 4.13-rc1 through 4.13-rc6 is too late to check for a NULL fi field when RTM_F_FIB_MATCH is set, which allows local users to cause a denial of service (NULL pointe… | |||
| CVE-2017-12136 | high | 7.8 | 7.8 | 9y ago | Race condition in the grant table code in Xen 4.6.x through 4.9.x allows local guest OS administrators to cause a denial of service (free list corruption and host crash) or gain privileges on the hos… | |||
| CVE-2017-0805 | high | 7.8 | 7.8 | 9y ago | A elevation of privilege vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37237701. | |||
| CVE-2017-11159 | high | 7.8 | 7.8 | 9y ago | Multiple untrusted search path vulnerabilities in installer in Synology Photo Station Uploader before 1.4.2-084 on Windows allows local attackers to execute arbitrary code and conduct DLL hijacking a… | |||
| CVE-2017-13130 | high | 7.8 | 7.8 | 9y ago | mcmnm in BMC Patrol allows local users to gain privileges via a crafted libmcmclnx.so file in the current working directory, because it is setuid root and the RPATH variable begins with the .: substr… | |||
| CVE-2017-6329 | high | 7.8 | 7.8 | 9y ago | Symantec VIP Access for Desktop prior to 2.2.4 can be susceptible to a DLL Pre-Loading vulnerability. These types of issues occur when an application looks to call a DLL for execution and an attacker… | |||
| CVE-2017-10663 | high | 7.8 | 7.8 | 9y ago | The sanity_check_ckpt function in fs/f2fs/super.c in the Linux kernel before 4.12.4 does not validate the blkoff and segno arrays, which allows local users to gain privileges via unspecified vectors. | |||
| CVE-2017-10662 | high | 7.8 | 7.8 | 9y ago | The sanity_check_raw_super function in fs/f2fs/super.c in the Linux kernel before 4.11.1 does not validate the segment count, which allows local users to gain privileges via unspecified vectors. | |||
| CVE-2017-11323 | high | 7.8 | 7.8 | 9y ago | Stack-based buffer overflow in ESTsoft ALZip 8.51 and earlier allows remote attackers to execute arbitrary code via a crafted MS-DOS device file, as demonstrated by use of "AUX" as the initial substr… | |||
| CVE-2017-9678 | high | 7.8 | 7.8 | 9y ago | In all Qualcomm products with Android releases from CAF using the Linux kernel, in a video driver, memory corruption can potentially occur due to lack of bounds checking in a memcpy(). | |||
| CVE-2017-3756 | high | 7.8 | 7.8 | 9y ago | A privilege escalation vulnerability was identified in Lenovo Active Protection System for ThinkPad systems versions earlier than 1.82.0.17. An attacker with local privileges could execute code with … | |||
| CVE-2017-11160 | high | 7.8 | 7.8 | 9y ago | Multiple untrusted search path vulnerabilities in installer in Synology Assistant before 6.1-15163 on Windows allows local attackers to execute arbitrary code and conduct DLL hijacking attack via a T… | |||
| CVE-2017-8272 | high | 7.8 | 7.8 | 9y ago | In all Qualcomm products with Android releases from CAF using the Linux kernel, in a driver function, a value from userspace is not properly validated potentially leading to an out of bounds heap wri… | |||
| CVE-2017-8268 | high | 7.8 | 7.8 | 9y ago | In all Qualcomm products with Android releases from CAF using the Linux kernel, the camera application can possibly request frame/command buffer processing with invalid values leading to the driver p… | |||
| CVE-2017-8263 | high | 7.8 | 7.8 | 9y ago | In all Qualcomm products with Android releases from CAF using the Linux kernel, a kernel fault can occur when doing certain operations on a read-only virtual address in userspace. | |||
| CVE-2017-8261 | high | 7.8 | 7.8 | 9y ago | In all Qualcomm products with Android releases from CAF using the Linux kernel, in a camera driver ioctl, a kernel overwrite can potentially occur. | |||
| CVE-2017-8260 | high | 7.8 | 7.8 | 9y ago | In all Qualcomm products with Android releases from CAF using the Linux kernel, due to a type downcast, a value may improperly pass validation and cause an out of bounds write later. | |||
| CVE-2017-8257 | high | 7.8 | 7.8 | 9y ago | In all Qualcomm products with Android releases from CAF using the Linux kernel, when accessing the sde_rotator debug interface for register reading with multiple processes, one process can free the d… | |||
| CVE-2017-8256 | high | 7.8 | 7.8 | 9y ago | In all Qualcomm products with Android releases from CAF using the Linux kernel, array out of bounds access can occur if userspace sends more than 16 multicast addresses. | |||
| CVE-2017-8255 | high | 7.8 | 7.8 | 9y ago | In all Qualcomm products with Android releases from CAF using the Linux kernel, an integer overflow vulnerability exists in boot. | |||
| CVE-2017-8253 | high | 7.8 | 7.8 | 9y ago | In all Qualcomm products with Android releases from CAF using the Linux kernel, kernel memory can potentially be overwritten if an invalid master is sent from userspace. | |||
| CVE-2017-11653 | high | 7.8 | 7.8 | 9y ago | Razer Synapse 2.20.15.1104 and earlier uses weak permissions for the Devices directory, which allows local users to gain privileges via a Trojan horse (1) RazerConfigNative.dll or (2) RazerConfigNati… | |||
| CVE-2017-10665 | high | 7.8 | 7.8 | 9y ago | Directory traversal vulnerability in ajaxfileupload.php in Kayson Group Ltd. phpGrid before 7.2.5 allows remote attackers to execute arbitrary code by uploading a crafted file with a .. (dot dot) in … | |||
| CVE-2017-2289 | high | 7.8 | 7.8 | 9y ago | Untrusted search path vulnerability in Installer of Qua station connection tool for Windows version 1.00.03 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||
| CVE-2017-2228 | high | 7.8 | 7.8 | 9y ago | Untrusted search path vulnerability in Teikihoukokusho Sakuseishien Tool v4.0 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||
| CVE-2017-10824 | high | 7.8 | 7.8 | 9y ago | Untrusted search path vulnerability in TDB CA TypeA use software Version 5.2 and earlier, distributed until 10 August 2017 allows an attacker to gain privileges via a Trojan horse DLL in an unspecifi… | |||
| CVE-2017-10823 | high | 7.8 | 7.8 | 9y ago | Untrusted search path vulnerability in Installer for Shin Kinkyuji Houkoku Data Nyuryoku Program (program released on 2011 March 10) Distributed on the website till 2017 May 17 allows an attacker to … | |||
| CVE-2017-10822 | high | 7.8 | 7.8 | 9y ago | Untrusted search path vulnerability in Installer for Shin Sekiyu Yunyu Chousa Houkoku Data Nyuryoku Program (program released on 2013 September 30) distributed on the website until 2017 May 17 allows… | |||
| CVE-2017-10821 | high | 7.8 | 7.8 | 9y ago | Untrusted search path vulnerability in Installer for Shin Kikan Toukei Houkoku Data Nyuryokuyou Program (program released on 2013 September 30) Distributed on the website until 2017 May 17 allows an … | |||
| CVE-2017-6768 | high | 7.8 | 7.8 | 9y ago | A vulnerability in the build procedure for certain executable system files installed at boot time on Cisco Application Policy Infrastructure Controller (APIC) devices could allow an authenticated, lo… | |||
| CVE-2017-12892 | high | 7.8 | 7.8 | 9y ago | Foxit PDF Compressor installers from versions from 7.0.0.183 to 7.7.2.10 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the curren… | |||
| CVE-2017-8243 | high | 7.8 | 7.8 | 9y ago | A buffer overflow can occur in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android when processing a firmware image file. | |||
| CVE-2017-1469 | high | 7.8 | 7.8 | 9y ago | IBM InfoSphere Information Server 9.1, 11.3, and 11.5 could allow a local user to gain elevated privileges by placing arbitrary files in installation directories. IBM X-Force ID: 128468. | |||
| CVE-2017-11156 | high | 7.8 | 7.8 | 9y ago | Synology Download Station 3.8.x before 3.8.5-3475 and 3.x before 3.5-2984 uses weak permissions (0777) for ui/dlm/btsearch directory, which allows remote authenticated users to execute arbitrary code… | |||
| CVE-2017-11150 | high | 7.8 | 7.8 | 9y ago | Command injection vulnerability in Document.php in Synology Office 2.2.0-1502 and 2.2.1-1506 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the crafted fi… | |||
| CVE-2017-9648 | high | 7.8 | 7.8 | 9y ago | An Uncontrolled Search Path Element issue was discovered in Solar Controls WATTConfig M Software Version 2.5.10.1 and prior. An uncontrolled search path element has been identified, which could allow… | |||
| CVE-2017-9646 | high | 7.8 | 7.8 | 9y ago | An Uncontrolled Search Path Element issue was discovered in Solar Controls Heating Control Downloader (HCDownloader) Version 1.0.1.15 and prior. An uncontrolled search path element has been identifie… | |||
| CVE-2017-8273 | high | 7.8 | 7.8 | 9y ago | In all Qualcomm products with Android release from CAF using the Linux kernel, while processing fastboot boot command when verified boot feature is disabled, with length greater than boot image buffe… | |||
| CVE-2017-8271 | high | 7.8 | 7.8 | 9y ago | Out of bound memory write can happen in the MDSS Rotator driver in all Qualcomm products with Android releases from CAF using the Linux kernel by an unsanitized userspace-controlled parameter. | |||
| CVE-2017-8264 | high | 7.8 | 7.8 | 9y ago | A userspace process can cause a Denial of Service in the camera driver in all Qualcomm products with Android releases from CAF using the Linux kernel. | |||
| CVE-2017-8259 | high | 7.8 | 7.8 | 9y ago | In the service locator in all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow can occur as the variable set for determining the size of the buffer is not us… | |||
| CVE-2017-12799 | high | 7.8 | 7.8 | 9y ago | The elf_read_notesfunction in bfd/elf.c in GNU Binutils 2.29 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via… | |||
| CVE-2017-3751 | high | 7.8 | 7.8 | 9y ago | An unquoted service path vulnerability was identified in the driver for the ThinkPad Compact USB Keyboard with TrackPoint versions earlier than 1.5.5.0. This could allow an attacker with local privil… | |||
| CVE-2017-0750 | high | 7.8 | 7.8 | 9y ago | A elevation of privilege vulnerability in the Upstream Linux file system. Product: Android. Versions: Android kernel. Android ID: A-36817013. | |||
| CVE-2017-0749 | high | 7.8 | 7.8 | 9y ago | A elevation of privilege vulnerability in the Upstream Linux linux kernel. Product: Android. Versions: Android kernel. Android ID: A-36007735. | |||
| CVE-2017-0747 | high | 7.8 | 7.8 | 9y ago | A elevation of privilege vulnerability in the Qualcomm proprietary component. Product: Android. Versions: Android kernel. Android ID: A-32524214. References: QC-CR#2044821. | |||
| CVE-2017-0746 | high | 7.8 | 7.8 | 9y ago | A elevation of privilege vulnerability in the Qualcomm ipa driver. Product: Android. Versions: Android kernel. Android ID: A-35467471. References: QC-CR#2029392. | |||
| CVE-2017-0745 | high | 7.8 | 7.8 | 9y ago | A remote code execution vulnerability in the Android media framework (avc decoder). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37079296. | |||
| CVE-2017-0742 | high | 7.8 | 7.8 | 9y ago | A elevation of privilege vulnerability in the MediaTek video driver. Product: Android. Versions: Android kernel. Android ID: A-36074857. References: M-ALPS03275524. | |||
| CVE-2017-0741 | high | 7.8 | 7.8 | 9y ago | A elevation of privilege vulnerability in the MediaTek gpu driver. Product: Android. Versions: Android kernel. Android ID: A-32458601. References: M-ALPS03007523. | |||
| CVE-2017-0740 | high | 7.8 | 7.8 | 9y ago | A remote code execution vulnerability in the Broadcom networking driver. Product: Android. Versions: Android kernel. Android ID: A-37168488. References: B-RB#116402. | |||
| CVE-2017-0737 | high | 7.8 | 7.8 | 9y ago | A elevation of privilege vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37563942. | |||
| CVE-2017-0732 | high | 7.8 | 7.8 | 9y ago | A elevation of privilege vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37504237. | |||
| CVE-2017-0731 | high | 7.8 | 7.8 | 9y ago | A elevation of privilege vulnerability in the Android media framework (mpeg4 encoder). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36075363. | |||
| CVE-2017-0729 | high | 7.8 | 7.8 | 9y ago | A elevation of privilege vulnerability in the Android media framework (mediadrmserver). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37710346. | |||
| CVE-2017-0728 | high | 7.8 | 7.8 | 9y ago | A denial of service vulnerability in the Android media framework (hevc decoder). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37469795. | |||
| CVE-2017-0727 | high | 7.8 | 7.8 | 9y ago | A elevation of privilege vulnerability in the Android media framework (libgui). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-33004354. | |||
| CVE-2017-0723 | high | 7.8 | 7.8 | 9y ago | A remote code execution vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37968755. | |||
| CVE-2017-0722 | high | 7.8 | 7.8 | 9y ago | A remote code execution vulnerability in the Android media framework (h263 decoder). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37660827. | |||
| CVE-2017-0721 | high | 7.8 | 7.8 | 9y ago | A remote code execution vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37561455. | |||
| CVE-2017-0720 | high | 7.8 | 7.8 | 9y ago | A remote code execution vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37430213. | |||
| CVE-2017-0719 | high | 7.8 | 7.8 | 9y ago | A remote code execution vulnerability in the Android media framework (mpeg2 decoder). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37273673. | |||
| CVE-2017-0718 | high | 7.8 | 7.8 | 9y ago | A remote code execution vulnerability in the Android media framework (mpeg2 decoder). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37273547. | |||
| CVE-2017-0716 | high | 7.8 | 7.8 | 9y ago | A remote code execution vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37203196. | |||
| CVE-2017-0715 | high | 7.8 | 7.8 | 9y ago | A remote code execution vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36998372. | |||
| CVE-2017-0714 | high | 7.8 | 7.8 | 9y ago | A remote code execution vulnerability in the Android media framework (h263 decoder). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36492637. | |||
| CVE-2017-0713 | high | 7.8 | 7.8 | 9y ago | A remote code execution vulnerability in the Android libraries (sfntly). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-32096780. | |||
| CVE-2017-0712 | high | 7.8 | 7.8 | 9y ago | A elevation of privilege vulnerability in the Android framework (wi-fi service). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37207928. | |||
| CVE-2017-8624 | high | 7.8 | 7.8 | 9y ago | CLFS in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an elevation… | |||
| CVE-2017-8622 | high | 7.8 | 7.8 | 9y ago | Windows Subsystem for Linux in Windows 10 1703 allows an elevation of privilege vulnerability when it fails to properly handle handles NT pipes, aka "Windows Subsystem for Linux Elevation of Privileg… | |||
| CVE-2017-8591 | high | 7.8 | 7.8 | 9y ago | Windows Input Method Editor (IME) in Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an remote code execution vulne… | |||
| CVE-2017-0250 | high | 7.8 | 7.8 | 9y ago | Microsoft JET Database Engine in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server… | |||
| CVE-2017-9942 | high | 7.8 | 7.8 | 9y ago | A vulnerability was discovered in Siemens SiPass integrated (All versions before V2.70) that could allow an attacker with local access to the SiPass integrated server or SiPass integrated client to p… | |||
| CVE-2017-6419 | high | 7.8 | 7.8 | 9y ago | mspack/lzxd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified oth… | |||
| CVE-2017-12596 | high | 7.8 | 7.8 | 9y ago | In OpenEXR 2.2.0, a crafted image causes a heap-based buffer over-read in the hufDecode function in IlmImf/ImfHuf.cpp during exrmaketiled execution; it may result in denial of service or possibly uns… | |||
| CVE-2017-12480 | high | 7.8 | 7.8 | 9y ago | Sandboxie installer 5071703 has a DLL Hijacking or Unsafe DLL Loading Vulnerability via a Trojan horse dwmapi.dll or profapi.dll file in an AppData\Local\Temp directory. | |||
| CVE-2017-12482 | high | 7.8 | 7.8 | 9y ago | The ledger::parse_date_mask_routine function in times.cc in Ledger 3.1.1 allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unsp… | |||
| CVE-2017-12481 | high | 7.8 | 7.8 | 9y ago | The find_option function in option.cc in Ledger 3.1.1 allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impac… | |||
| CVE-2017-2221 | high | 7.8 | 7.8 | 9y ago | Untrusted search path vulnerability in Installer of Baidu IME Ver3.6.1.6 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||
| CVE-2017-10820 | high | 7.8 | 7.8 | 9y ago | Untrusted search path vulnerability in Installer of IP Messenger for Win 4.60 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||
| CVE-2017-12459 | high | 7.8 | 7.8 | 9y ago | The bfd_mach_o_read_symtab_strtab function in bfd/mach-o.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause … | |||
| CVE-2017-12458 | high | 7.8 | 7.8 | 9y ago | The nlm_swap_auxiliary_headers_in function in bfd/nlmcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause… | |||
| CVE-2017-12457 | high | 7.8 | 7.8 | 9y ago | The bfd_make_section_with_flags function in section.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause a NUL… | |||
| CVE-2017-12456 | high | 7.8 | 7.8 | 9y ago | The read_symbol_stabs_debugging_info function in rddbg.c in GNU Binutils 2.29 and earlier allows remote attackers to cause an out of bounds heap read via a crafted binary file. | |||
| CVE-2017-12455 | high | 7.8 | 7.8 | 9y ago | The evax_bfd_print_emh function in vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bo… | |||
| CVE-2017-12454 | high | 7.8 | 7.8 | 9y ago | The _bfd_vms_slurp_egsd function in bfd/vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an arbi… | |||
| CVE-2017-12453 | high | 7.8 | 7.8 | 9y ago | The _bfd_vms_slurp_eeom function in libbfd.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of boun… | |||
| CVE-2017-12452 | high | 7.8 | 7.8 | 9y ago | The bfd_mach_o_i386_canonicalize_one_reloc function in bfd/mach-o-i386.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attac… | |||
| CVE-2017-12451 | high | 7.8 | 7.8 | 9y ago | The _bfd_xcoff_read_ar_hdr function in bfd/coff-rs6000.c and bfd/coff64-rs6000.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remo… |