CVEs from 2017
Total
11,664
critical
critical 1,647
high
high 5,041
medium
medium 4,168
low
low 159
% Critical
14.1%
% with KEV
0.7%
% with exploit
9.8%
Top vendors
Top products
- imagemagick 1,426
- joomla\! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-15093 | medium | — | 5.5 | — | When api-config-dir is set to a non-empty value, which is not the case by default, the API in PowerDNS Recursor 4.x up to and including 4.0.6 and 3.x up to and including 3.7.4 allows an authorized us… | |||
| CVE-2017-15715 | medium | — | 5.5 | — | multiple issues in apache | |||
| CVE-2017-15364 | medium | 5.5 | 5.5 | 4y ago | ccsv Double Free vulnerability | |||
| CVE-2017-17554 | medium | 5.5 | 5.5 | 4y ago | A NULL pointer dereference (DoS) Vulnerability was found in the function aubio_source_avcodec_readframe in io/source_avcodec.c of aubio 0.4.6, which may lead to DoS when playing a crafted audio file. | |||
| CVE-2017-18640 | medium | — | 5.5 | 5y ago | RHSA-2020:4807: prometheus-jmx-exporter security update (Moderate) | |||
| CVE-2017-18926 | medium | — | 5.5 | 5y ago | RHSA-2021:1842: raptor2 security and bug fix update (Moderate) | |||
| CVE-2017-0359 | medium | — | 5.5 | 8y ago | diffoscope before 77 writes to arbitrary locations on disk based on the contents of an untrusted archive. | |||
| CVE-2017-18258 | medium | — | 5.5 | 8y ago | Uncontrolled resource consumption in nokogiri | |||
| CVE-2017-18005 | medium | 5.5 | 5.5 | 9y ago | RHSA-2020:1577: exiv2 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2017-17975 | medium | 5.5 | 5.5 | 9y ago | Use-after-free in the usbtv_probe function in drivers/media/usb/usbtv/usbtv-core.c in the Linux kernel through 4.14.10 allows attackers to cause a denial of service (system crash) or possibly have un… | |||
| CVE-2017-17967 | medium | 5.5 | 5.5 | 9y ago | pptreader.dll in Kingsoft WPS Office 10.1.0.6930 allows remote attackers to cause a denial of service via a crafted PPT file, aka CNVD-2017-35482. | |||
| CVE-2017-17862 | medium | 5.5 | 5.5 | 9y ago | kernel/bpf/verifier.c in the Linux kernel through 4.14.8 ignores unreachable code, even though it would still be processed by JIT compilers. This behavior, also considered an improper branch-pruning … | |||
| CVE-2017-17820 | medium | 5.5 | 5.5 | 9y ago | In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in pp_list_one_macro in asm/preproc.c that will lead to a remote denial of service attack, related to mishandling of operand-type errors. | |||
| CVE-2017-17819 | medium | 5.5 | 5.5 | 9y ago | In Netwide Assembler (NASM) 2.14rc0, there is an illegal address access in the function find_cc() in asm/preproc.c that will cause a remote denial of service attack, because pointers associated with … | |||
| CVE-2017-17817 | medium | 5.5 | 5.5 | 9y ago | In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in pp_verror in asm/preproc.c that will cause a remote denial of service attack. | |||
| CVE-2017-17816 | medium | 5.5 | 5.5 | 9y ago | In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in pp_getline in asm/preproc.c that will cause a remote denial of service attack. | |||
| CVE-2017-17815 | medium | 5.5 | 5.5 | 9y ago | In Netwide Assembler (NASM) 2.14rc0, there is an illegal address access in is_mmacro() in asm/preproc.c that will cause a remote denial of service attack, because of a missing check for the relations… | |||
| CVE-2017-17814 | medium | 5.5 | 5.5 | 9y ago | In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in do_directive in asm/preproc.c that will cause a remote denial of service attack. | |||
| CVE-2017-17813 | medium | 5.5 | 5.5 | 9y ago | In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in the pp_list_one_macro function in asm/preproc.c that will cause a remote denial of service attack, related to mishandling of line-syn… | |||
| CVE-2017-17812 | medium | 5.5 | 5.5 | 9y ago | In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer over-read in the function detoken() in asm/preproc.c that will cause a remote denial of service attack. | |||
| CVE-2017-17811 | medium | 5.5 | 5.5 | 9y ago | In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer overflow that will cause a remote denial of service attack, related to a strcpy in paste_tokens in asm/preproc.c, a similar issue to … | |||
| CVE-2017-17810 | medium | 5.5 | 5.5 | 9y ago | In Netwide Assembler (NASM) 2.14rc0, there is a "SEGV on unknown address" that will cause a remote denial of service attack, because asm/preproc.c mishandles macro calls that have the wrong number of… | |||
| CVE-2017-1596 | medium | 5.5 | 5.5 | 9y ago | IBM Security Guardium 10.0 Database Activity Monitor could allow a local attacker to obtain highly sensitive information via unspecified vectors. IBM X-Force ID: 132550. | |||
| CVE-2017-1595 | medium | 5.5 | 5.5 | 9y ago | IBM Security Guardium 10.0 Database Activity Monitor could allow a local attacker to obtain highly sensitive information via unspecified vectors. IBM X-Force ID: 132549. | |||
| CVE-2017-17788 | medium | 5.5 | 5.5 | 9y ago | In GIMP 2.8.22, there is a stack-based buffer over-read in xcf_load_stream in app/xcf/xcf.c when there is no '\0' character after the version string. | |||
| CVE-2017-17669 | medium | 5.5 | 5.5 | 9y ago | There is a heap-based buffer over-read in the Exiv2::Internal::PngChunk::keyTXTChunk function of pngchunk_int.cpp in Exiv2 0.26. A crafted PNG file will lead to a remote denial of service attack. | |||
| CVE-2017-11934 | medium | 5.5 | 5.5 | 9y ago | Microsoft Office 2013 RT SP1, Microsoft Office 2013 SP1, and Microsoft Office 2016 allow an information disclosure vulnerability due to the way certain functions handle objects in memory, aka "Micros… | |||
| CVE-2017-11273 | medium | 5.5 | 5.5 | 9y ago | An issue was discovered in Adobe Digital Editions 4.5.6 and earlier versions. Adobe Digital Editions parses crafted XML files in an unsafe manner, which could lead to sensitive information disclosure. | |||
| CVE-2017-15121 | medium | 5.5 | 5.5 | 9y ago | A non-privileged user is able to mount a fuse filesystem on RHEL 6 or 7 and crash a system if an application punches a hole in a file that does not end aligned to a page boundary. | |||
| CVE-2017-17123 | medium | 5.5 | 5.5 | 9y ago | The coff_slurp_reloc_table function in coffcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service… | |||
| CVE-2017-17113 | medium | 5.5 | 5.5 | 9y ago | ntguard_x64.sys 0.18780.0.0 in IKARUS anti.virus 2.16.15 has a NULL pointer dereference via a 0x830000c4 DeviceIoControl request. | |||
| CVE-2017-16611 | medium | 5.5 | 5.5 | 9y ago | In libXfont before 1.5.4 and libXfont2 before 2.0.3, a local attacker can open (but not read) files on the system as root, triggering tape rewinds, watchdogs, or similar mechanisms that can be trigge… | |||
| CVE-2017-17087 | medium | 5.5 | 5.5 | 9y ago | fileio.c in Vim prior to 8.0.1263 sets the group ownership of a .swp file to the editor's primary group (which may be different from the group ownership of the original file), which allows local user… | |||
| CVE-2017-17080 | medium | 5.5 | 5.5 | 9y ago | elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate sizes of core notes, which allows remote attackers to cause a denial of servic… | |||
| CVE-2017-15116 | medium | 5.5 | 5.5 | 9y ago | The rngapi_reset function in crypto/rng.c in the Linux kernel before 4.2 allows attackers to cause a denial of service (NULL pointer dereference). | |||
| CVE-2017-17054 | medium | 5.5 | 5.5 | 9y ago | In aubio 0.4.6, a divide-by-zero error exists in the function new_aubio_source_wavread() in source_wavread.c, which may lead to DoS when playing a crafted audio file. | |||
| CVE-2017-8216 | medium | 5.5 | 5.5 | 9y ago | Warsaw Huawei Smart phones with software of versions earlier than Warsaw-AL00C00B180, versions earlier than Warsaw-TL10C01B180 have a permission control vulnerability. Due to improper authorization o… | |||
| CVE-2017-8202 | medium | 5.5 | 5.5 | 9y ago | The CameraISP driver of some Huawei smart phones with software of versions earlier than Prague-AL00AC00B205,versions earlier than Prague-AL00BC00B205,versions earlier than Prague-AL00CC00B205,version… | |||
| CVE-2017-8186 | medium | 5.5 | 5.5 | 9y ago | The Bastet of some Huawei mobile phones with software of earlier than MHA-AL00BC00B231 versions has a DOS vulnerability due to the lack of parameter validation. An attacker may trick a user into inst… | |||
| CVE-2017-8184 | medium | 5.5 | 5.5 | 9y ago | MTK platform in Huawei smart phones with software of earlier than Nice-AL00C00B160 versions, earlier than Nice-AL10C00B140 versions has a any memory access vulnerability. An attacker tricks a user in… | |||
| CVE-2017-8183 | medium | 5.5 | 5.5 | 9y ago | MTK platform in Huawei smart phones with software of earlier than Nice-AL00C00B160 versions, earlier than Nice-AL10C00B140 versions has a any memory access vulnerability. An attacker tricks a user in… | |||
| CVE-2017-8175 | medium | 5.5 | 5.5 | 9y ago | The Bastet of some Huawei mobile phones with software earlier than Vicky-AL00AC00B167 versions, earlier than Victoria-AL00AC00B167 versions, earlier than Warsaw-AL00C00B191 versions has an insufficie… | |||
| CVE-2017-8172 | medium | 5.5 | 5.5 | 9y ago | Isub service in P10 Plus and P10 smart phones with earlier than VKY-AL00C00B157 versions and earlier than VTR-AL00C00B157 versions has a denial of service (DoS) vulnerability. An attacker tricks a us… | |||
| CVE-2017-8149 | medium | 5.5 | 5.5 | 9y ago | The boot loaders of P10 and P10 Plus Huawei mobile phones with software the versions before Victoria-L09AC605B162, the versions before Victoria-L29AC605B162, the versions before Vicky-L29AC605B162 ha… | |||
| CVE-2017-8146 | medium | 5.5 | 5.5 | 9y ago | The call module of P10 and P10 Plus smartphones with software versions before VTR-AL00C00B167, versions before VTR-TL00C01B167, versions before VKY-AL00C00B167, versions before VKY-TL00C01B167 has a … | |||
| CVE-2017-8145 | medium | 5.5 | 5.5 | 9y ago | The call module of P10 and P10 Plus smartphones with software versions before VTR-AL00C00B167, versions before VTR-TL00C01B167, versions before VKY-AL00C00B167, versions before VKY-TL00C01B167 has a … | |||
| CVE-2017-8144 | medium | 5.5 | 5.5 | 9y ago | Honor 5A,Honor 8 Lite,Mate9,Mate9 Pro,P10,P10 Plus Huawei smartphones with software the versions before CAM-L03C605B143CUSTC605D003,the versions before Prague-L03C605B161,the versions before Prague-L… | |||
| CVE-2017-8143 | medium | 5.5 | 5.5 | 9y ago | Wi-Fi driver of Honor 5C and P9 Lite Huawei smart phones with software versions earlier than NEM-L21C432B351 and versions earlier than VNS-L21C10B381 has a DoS vulnerability. An attacker may trick a … | |||
| CVE-2017-8136 | medium | 5.5 | 5.5 | 9y ago | HedEx Earlier than V200R006C00 versions has an arbitrary file download vulnerability. An attacker could exploit it to download arbitrary files on a target device to cause information leak. | |||
| CVE-2017-2734 | medium | 5.5 | 5.5 | 9y ago | P9 Plus smartphones with software versions earlier before VIE-AL10BC00B386 have a denial of service (DoS) vulnerability. An attacker tricks a user into installing a malicious application on the smart… | |||
| CVE-2017-2733 | medium | 5.5 | 5.5 | 9y ago | Honor 6X smartphones with software versions earlier than BLN-AL10C00B357 and versions earlier than BLN-AL20C00B357 have an information leak vulnerability due to improper file permission configuration… | |||
| CVE-2017-2732 | medium | 5.5 | 5.5 | 9y ago | Huawei Hilink APP Versions earlier before 5.0.25.306 has an information leak vulnerability. An attacker may trick a user into installing a malicious application and application can access Hilink APP … | |||
| CVE-2017-2731 | medium | 5.5 | 5.5 | 9y ago | The vibrator service in P9 Plus smart phones with software versions earlier before VIE-AL10C00B386 has DoS vulnerability. An attacker can tricks a user into installing a malicious application on the … | |||
| CVE-2017-2711 | medium | 5.5 | 5.5 | 9y ago | P9 Plus smartphones with software earlier than VIE-AL10C00B352 versions have an input validation vulnerability in the touchscreen Driver. An attacker can tricks a user into installing a malicious app… | |||
| CVE-2017-2709 | medium | 5.5 | 5.5 | 9y ago | HiGame with software earlier than 7.3.0 versions, SkyTone with software earlier than 8.1.1 versions have a DoS Vulnerability. An attacker tricks a user into installing a malicious application on the … | |||
| CVE-2017-2695 | medium | 5.5 | 5.5 | 9y ago | TIT-AL00C583B211 has a directory traversal vulnerability which allows an attacker to obtain the files in email application. | |||
| CVE-2017-2690 | medium | 5.5 | 5.5 | 9y ago | SoftCo with software V200R003C20,eSpace U1910 with software V200R003C00, V200R003C20 and V200R003C30,eSpace U1911 with software V200R003C20, V200R003C30,eSpace U1930 with software V200R003C20 and V20… | |||
| CVE-2017-12193 | medium | 5.5 | 5.5 | 9y ago | The assoc_array_insert_into_terminal_node function in lib/assoc_array.c in the Linux kernel before 4.13.11 mishandles node splitting, which allows local users to cause a denial of service (NULL point… | |||
| CVE-2017-3157 | medium | 5.5 | 5.5 | 9y ago | By exploiting the way Apache OpenOffice before 4.1.4 renders embedded objects, an attacker could craft a document that allows reading in a file from the user's filesystem. Information could be retrie… | |||
| CVE-2017-16898 | medium | 5.5 | 5.5 | 9y ago | The printMP3Headers function in util/listmp3.c in libming v0.4.8 or earlier is vulnerable to a global buffer overflow, which may allow attackers to cause a denial of service via a crafted file, a dif… | |||
| CVE-2017-1000128 | medium | 5.5 | 5.5 | 9y ago | Exiv2 0.26 contains a stack out of bounds read in JPEG2000 parser | |||
| CVE-2017-1000127 | medium | 5.5 | 5.5 | 9y ago | Exiv2 0.26 contains a heap buffer overflow in tiff parser | |||
| CVE-2017-1000126 | medium | 5.5 | 5.5 | 9y ago | exiv2 0.26 contains a Stack out of bounds read in webp parser | |||
| CVE-2017-10888 | medium | 5.5 | 5.5 | 9y ago | BOOK WALKER for Windows Ver.1.2.9 and earlier, BOOK WALKER for Mac Ver.1.2.5 and earlier allow an attacker to access local files via unspecified vectors. | |||
| CVE-2017-16868 | medium | 5.5 | 5.5 | 9y ago | In SWFTools 0.9.2, the wav_convert2mono function in lib/wav.c does not properly restrict a multiplication within a malloc call, which allows remote attackers to cause a denial of service (integer ove… | |||
| CVE-2017-1000201 | medium | 5.5 | 5.5 | 9y ago | The tcmu-runner daemon in tcmu-runner version 1.0.5 to 1.2.0 is vulnerable to a local denial of service attack | |||
| CVE-2017-1000186 | medium | 5.5 | 5.5 | 9y ago | In SWFTools, a stack overflow was found in pdf2swf. | |||
| CVE-2017-1000185 | medium | 5.5 | 5.5 | 9y ago | In SWFTools, a memcpy buffer overflow was found in gif2swf. | |||
| CVE-2017-1000182 | medium | 5.5 | 5.5 | 9y ago | In SWFTools, a memory leak was found in wav2swf. | |||
| CVE-2017-1000176 | medium | 5.5 | 5.5 | 9y ago | In SWFTools, a memcpy buffer overflow was found in swfc. | |||
| CVE-2017-1000174 | medium | 5.5 | 5.5 | 9y ago | In SWFTools, an address access exception was found in swfdump swf_GetBits(). | |||
| CVE-2017-15517 | medium | 5.5 | 5.5 | 9y ago | AltaVault OST Plug-in versions prior to 1.2.2 may allow attackers to obtain sensitive information via unspecified vectors. All users are urged to move to a fixed version and change passwords used by … | |||
| CVE-2017-11877 | medium | 5.5 | 5.5 | 9y ago | Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Compatibi… | |||
| CVE-2017-11853 | medium | 5.5 | 5.5 | 9y ago | Windows kernel in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT 8.1, Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, … | |||
| CVE-2017-11835 | medium | 5.5 | 5.5 | 9y ago | Microsoft graphics in Windows 7 SP1 and Windows Server 2008 SP2 and R2 SP1 allows an attacker to potentially read data that was not intended to be disclosed due to the way that the Microsoft Windows … | |||
| CVE-2017-7475 | medium | 5.5 | 5.5 | 9y ago | cairo is vulnerable to denial of service due to a null pointer dereference | |||
| CVE-2017-12624 | medium | 5.5 | 5.5 | 9y ago | Improper Input Validation in Apache CXF | |||
| CVE-2017-16808 | medium | 5.5 | 5.5 | 9y ago | tcpdump before 4.9.3 has a heap-based buffer over-read related to aoe_print in print-aoe.c and lookup_emem in addrtoname.c. | |||
| CVE-2017-16805 | medium | 5.5 | 5.5 | 9y ago | In radare2 2.0.1, libr/bin/dwarf.c allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted ELF file, related to r_bin_dwarf_parse_comp_unit in dwarf.c … | |||
| CVE-2017-8806 | medium | 5.5 | 5.5 | 9y ago | The Debian pg_ctlcluster, pg_createcluster, and pg_upgradecluster scripts, as distributed in the Debian postgresql-common package before 181+deb9u1 for PostgreSQL (and other packages related to Debia… | |||
| CVE-2017-7113 | medium | 5.5 | 5.5 | 9y ago | An issue was discovered in certain Apple products. iOS before 11.1 is affected. The issue involves the "UIKit" component. It allows attackers to bypass intended read restrictions for secure text fiel… | |||
| CVE-2017-13842 | medium | 5.5 | 5.5 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a c… | |||
| CVE-2017-13841 | medium | 5.5 | 5.5 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a c… | |||
| CVE-2017-13840 | medium | 5.5 | 5.5 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a c… | |||
| CVE-2017-13836 | medium | 5.5 | 5.5 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a c… | |||
| CVE-2017-13828 | medium | 5.5 | 5.5 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Fonts" component. It allows remote attackers to spoof the user interface via crafted text. | |||
| CVE-2017-13823 | medium | 5.5 | 5.5 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "QuickTime" component. It allows attackers to bypass intended memory-read restrictions via … | |||
| CVE-2017-13822 | medium | 5.5 | 5.5 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Quick Look" component. It allows attackers to bypass intended memory-read restrictions via… | |||
| CVE-2017-13821 | medium | 5.5 | 5.5 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "CFString" component. It allows attackers to bypass intended memory-read restrictions via a… | |||
| CVE-2017-13818 | medium | 5.5 | 5.5 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a c… | |||
| CVE-2017-13817 | medium | 5.5 | 5.5 | 9y ago | An out-of-bounds read issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Kernel" component. It allows local users to bypass intended memory-read… | |||
| CVE-2017-13810 | medium | 5.5 | 5.5 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Kernel" component. It allows local users to obtain sensitive information by leveraging an … | |||
| CVE-2017-13804 | medium | 5.5 | 5.5 | 9y ago | An issue was discovered in certain Apple products. iOS before 11.1 is affected. macOS before 10.13.1 is affected. tvOS before 11.1 is affected. watchOS before 4.1 is affected. The issue involves the … | |||
| CVE-2017-13782 | medium | 5.5 | 5.5 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a /… | |||
| CVE-2017-16794 | medium | 5.5 | 5.5 | 9y ago | The png_load function in lib/png.c in SWFTools 0.9.2 does not properly validate a multiplication of width and bits-per-pixel values, which allows remote attackers to cause a denial of service (heap-b… | |||
| CVE-2017-16711 | medium | 5.5 | 5.5 | 9y ago | The swf_DefineLosslessBitsTagToImage function in lib/modules/swfbits.c in SWFTools 0.9.2 mishandles an uncompress failure, which allows remote attackers to cause a denial of service (NULL pointer der… | |||
| CVE-2017-16663 | medium | 5.5 | 5.5 | 9y ago | In sam2p 0.49.4, there are integer overflows (with resultant heap-based buffer overflows) in input-bmp.ci in the function ReadImage, because "width * height" multiplications occur unsafely. | |||
| CVE-2017-13680 | medium | 5.5 | 5.5 | 9y ago | Prior to SEP 12.1 RU6 MP9 & SEP 14 RU1 Symantec Endpoint Protection Windows endpoint can encounter a situation whereby an attacker could use the product's UI to perform unauthorized file deletes on t… | |||
| CVE-2017-14025 | medium | 5.5 | 5.5 | 9y ago | An Improper Input Validation issue was discovered in ABB FOX515T release 1.0. An improper input validation vulnerability has been identified, allowing a local attacker to provide a malicious paramete… | |||
| CVE-2017-15306 | medium | 5.5 | 5.5 | 9y ago | The kvm_vm_ioctl_check_extension function in arch/powerpc/kvm/powerpc.c in the Linux kernel before 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) … |