CVEs from 2017
Total
11,662
critical
critical 1,647
high
high 5,041
medium
medium 4,168
low
low 159
% Critical
14.1%
% with KEV
0.7%
% with exploit
9.8%
Top vendors
Top products
- imagemagick 1,426
- joomla\! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-16359 | medium | 5.5 | 5.5 | 9y ago | In radare 2.0.1, a pointer wraparound vulnerability exists in store_versioninfo_gnu_verdef() in libr/bin/format/elf/elf.c. | |||
| CVE-2017-1000383 | medium | 5.5 | 5.5 | 9y ago | GNU Emacs version 25.3.1 (and other versions most likely) ignores umask when creating a backup save file ("[ORIGINAL_FILENAME]~") resulting in files that may be world readable or otherwise accessible… | |||
| CVE-2017-1000382 | medium | 5.5 | 5.5 | 9y ago | VIM version 8.0.1187 (and other versions most likely) ignores umask when creating a swap file ("[ORIGINAL_FILENAME].swp") resulting in files that may be world readable or otherwise accessible in ways… | |||
| CVE-2017-1000255 | medium | 5.5 | 5.5 | 9y ago | On Linux running on PowerPC hardware (Power8 or later) a user process can craft a signal frame and then do a sigreturn so that the kernel will take an exception (interrupt), and use the r1 value *fro… | |||
| CVE-2017-15955 | medium | 5.5 | 5.5 | 9y ago | bchunk (related to BinChunker) 1.2.0 and 1.2.1 is vulnerable to an "Access violation near NULL on destination operand" and crash when processing a malformed CUE (.cue) file. | |||
| CVE-2017-15954 | medium | 5.5 | 5.5 | 9y ago | bchunk (related to BinChunker) 1.2.0 and 1.2.1 is vulnerable to a heap-based buffer overflow (with a resultant invalid free) and crash when processing a malformed CUE (.cue) file. | |||
| CVE-2017-15953 | medium | 5.5 | 5.5 | 9y ago | bchunk (related to BinChunker) 1.2.0 and 1.2.1 is vulnerable to a heap-based buffer overflow and crash when processing a malformed CUE (.cue) file. | |||
| CVE-2017-15939 | medium | 5.5 | 5.5 | 9y ago | dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles NULL files in a .debug_line file table, which allows remote attackers to cause a den… | |||
| CVE-2017-5082 | medium | 5.5 | 5.5 | 9y ago | multiple issues in chromium | |||
| CVE-2017-15922 | medium | 5.5 | 5.5 | 9y ago | In GNU Libextractor 1.4, there is an out-of-bounds read in the EXTRACTOR_dvi_extract_method function in plugins/dvi_extractor.c. | |||
| CVE-2017-15873 | medium | 5.5 | 5.5 | 9y ago | The get_next_block function in archival/libarchive/decompress_bunzip2.c in BusyBox 1.27.2 has an Integer Overflow that may lead to a write access violation. | |||
| CVE-2017-7150 | medium | 5.5 | 5.5 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.13 Supplemental Update is affected. The issue involves the "Security" component. It allows attackers to bypass the keychain access p… | |||
| CVE-2017-7143 | medium | 5.5 | 5.5 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "Captive Network Assistant" component. It allows remote attackers to discover cleartext passw… | |||
| CVE-2017-7131 | medium | 5.5 | 5.5 | 9y ago | An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "Bluetooth" component. It allows attackers to obtain sensitive Contact card information via a craf… | |||
| CVE-2017-7119 | medium | 5.5 | 5.5 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "IOFireWireFamily" component. It allows attackers to bypass intended memory-read restrictions… | |||
| CVE-2017-7118 | medium | 5.5 | 5.5 | 9y ago | An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "Messages" component. It allows remote attackers to cause a denial of service (crash) via a crafte… | |||
| CVE-2017-7097 | medium | 5.5 | 5.5 | 9y ago | An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "Mail MessageUI" component. It allows attackers to cause a denial of service (memory corruption) v… | |||
| CVE-2017-7079 | medium | 5.5 | 5.5 | 9y ago | An issue was discovered in certain Apple products. iTunes before 12.7 is affected. The issue involves the "Data Sync" component. It allows attackers to access iOS backups (written by iTunes) via a cr… | |||
| CVE-2017-7074 | medium | 5.5 | 5.5 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "AppSandbox" component. It allows attackers to cause a denial of service via a crafted app. | |||
| CVE-2017-7072 | medium | 5.5 | 5.5 | 9y ago | An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "iBooks" component. It allows remote attackers to cause a denial of service (persistent outage) vi… | |||
| CVE-2017-15642 | medium | 5.5 | 5.5 | 9y ago | In lsx_aiffstartread in aiff.c in Sound eXchange (SoX) 14.4.2, there is a Use-After-Free vulnerability triggered by supplying a malformed AIFF file. | |||
| CVE-2017-12286 | medium | 5.5 | 5.5 | 9y ago | A vulnerability in the web interface of Cisco Jabber could allow an authenticated, local attacker to retrieve user profile information from the affected software, which could lead to the disclosure o… | |||
| CVE-2017-12284 | medium | 5.5 | 5.5 | 9y ago | A vulnerability in the web interface of Cisco Jabber for Windows Client could allow an authenticated, local attacker to retrieve user profile information, which could lead to the disclosure of confid… | |||
| CVE-2017-15537 | medium | 5.5 | 5.5 | 9y ago | The x86/fpu (Floating Point Unit) subsystem in the Linux kernel before 4.13.5, when a processor supports the xsave feature but not the xsaves feature, does not correctly handle attempts to set reserv… | |||
| CVE-2017-15372 | medium | 5.5 | 5.5 | 9y ago | There is a stack-based buffer overflow in the lsx_ms_adpcm_block_expand_i function of adpcm.c in Sound eXchange (SoX) 14.4.2. A Crafted input will lead to a denial of service attack during conversion… | |||
| CVE-2017-15371 | medium | 5.5 | 5.5 | 9y ago | There is a reachable assertion abort in the function sox_append_comment() in formats.c in Sound eXchange (SoX) 14.4.2. A Crafted input will lead to a denial of service attack during conversion of an … | |||
| CVE-2017-15370 | medium | 5.5 | 5.5 | 9y ago | There is a heap-based buffer overflow in the ImaExpandS function of ima_rw.c in Sound eXchange (SoX) 14.4.2. A Crafted input will lead to a denial of service attack during conversion of an audio file. | |||
| CVE-2017-15299 | medium | 5.5 | 5.5 | 9y ago | The KEYS subsystem in the Linux kernel through 4.13.7 mishandles use of add_key for a key that already exists but is uninstantiated, which allows local users to cause a denial of service (NULL pointe… | |||
| CVE-2017-15298 | medium | 5.5 | 5.5 | 9y ago | Git through 2.14.2 mishandles layers of tree objects, which allows remote attackers to cause a denial of service (memory consumption) via a crafted repository, aka a Git bomb. This can also have an i… | |||
| CVE-2017-10613 | medium | 5.5 | 5.5 | 9y ago | A vulnerability in a specific loopback filter action command, processed in a specific logical order of operation, in a running configuration of Juniper Networks Junos OS, allows an attacker with CLI … | |||
| CVE-2017-8703 | medium | 5.5 | 5.5 | 9y ago | The Microsoft Windows Subsystem for Linux on Microsoft Windows 10 1703 allows a denial of service vulnerability when it improperly handles objects in memory, aka "Windows Subsystem for Linux Denial o… | |||
| CVE-2017-8693 | medium | 5.5 | 5.5 | 9y ago | The Microsoft Graphics Component on Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability in the way it handles objects in memory, ak… | |||
| CVE-2017-11829 | medium | 5.5 | 5.5 | 9y ago | Microsoft Windows 10 allows an elevation of privilege vulnerability when the Windows Update Delivery Optimization does not properly enforce file share permissions. | |||
| CVE-2017-11816 | medium | 5.5 | 5.5 | 9y ago | The Microsoft Windows Graphics Device Interface (GDI) on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 15… | |||
| CVE-2017-11814 | medium | 5.5 | 5.5 | 9y ago | The Microsoft Windows Kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1… | |||
| CVE-2017-11784 | medium | 5.5 | 5.5 | 9y ago | The Microsoft Windows Kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, allows an inf… | |||
| CVE-2017-11765 | medium | 5.5 | 5.5 | 9y ago | The Microsoft Windows Kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1… | |||
| CVE-2017-15280 | medium | 5.5 | 5.5 | 9y ago | Umbraco CMS XXE Vulnerability | |||
| CVE-2017-15274 | medium | 5.5 | 5.5 | 9y ago | security/keys/keyctl.c in the Linux kernel before 4.11.5 does not consider the case of a NULL payload in conjunction with a nonzero length value, which allows local users to cause a denial of service… | |||
| CVE-2017-12192 | medium | 5.5 | 5.5 | 9y ago | The keyctl_read_key function in security/keys/keyctl.c in the Key Management subcomponent in the Linux kernel before 4.13.5 does not properly consider that a key may be possessed but negatively insta… | |||
| CVE-2017-15266 | medium | 5.5 | 5.5 | 9y ago | In GNU Libextractor 1.4, there is a Divide-By-Zero in EXTRACTOR_wav_extract_method in wav_extractor.c via a zero sample rate. | |||
| CVE-2017-15225 | medium | 5.5 | 5.5 | 9y ago | _bfd_dwarf2_cleanup_debug_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (memory … | |||
| CVE-2017-14971 | medium | 5.5 | 5.5 | 9y ago | Infocus Mondopad 2.2.08 is vulnerable to a Hashed Credential Disclosure vulnerability. The attacker provides a crafted Microsoft Office document containing a link that has a UNC pathname associated w… | |||
| CVE-2017-15046 | medium | 5.5 | 5.5 | 9y ago | LAME 3.99.5, 3.99.4, 3.98.4, 3.98.2, 3.98 and 3.97 have a stack-based buffer overflow in unpack_read_samples in frontend/get_audio.c, a different vulnerability than CVE-2017-9412. | |||
| CVE-2017-15045 | medium | 5.5 | 5.5 | 9y ago | LAME 3.99, 3.99.1, 3.99.2, 3.99.3, 3.99.4, 3.99.5, 3.98.4, 3.98.2 and 3.98 has a heap-based buffer over-read in fill_buffer in libmp3lame/util.c, related to lame_encode_buffer_sample_t in libmp3lame/… | |||
| CVE-2017-1301 | medium | 5.5 | 5.5 | 9y ago | IBM Spectrum Protect 7.1 and 8.1 could allow a local attacker to launch a symlink attack. IBM Spectrum Protect Backup-archive Client creates temporary files insecurely. A local attacker could exploit… | |||
| CVE-2017-15025 | medium | 5.5 | 5.5 | 9y ago | decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (divide-by-zero error … | |||
| CVE-2017-15024 | medium | 5.5 | 5.5 | 9y ago | find_abstract_instance_name in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite r… | |||
| CVE-2017-15023 | medium | 5.5 | 5.5 | 9y ago | read_formatted_entries in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, does not properly validate the format count, which allows remote atta… | |||
| CVE-2017-15022 | medium | 5.5 | 5.5 | 9y ago | dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, does not validate the DW_AT_name data type, which allows remote attackers to cause a denial of … | |||
| CVE-2017-15021 | medium | 5.5 | 5.5 | 9y ago | bfd_get_debug_link_info_1 in opncls.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (heap-based b… | |||
| CVE-2017-15018 | medium | 5.5 | 5.5 | 9y ago | LAME 3.99.5, 3.99.4, 3.99.3, 3.99.2, 3.99.1, 3.99, 3.98.4, 3.98.2 and 3.98 have a heap-based buffer over-read when handling a malformed file in k_34_4 in vbrquantize.c. | |||
| CVE-2017-1000113 | medium | 5.5 | 5.5 | 9y ago | Jenkins Deploy to container Plugin stored plain text passwords in job configuration | |||
| CVE-2017-14991 | medium | 5.5 | 5.5 | 9y ago | The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel before 4.13.4 allows local users to obtain sensitive information from uninitialized kernel heap-memory locations via an SG_GET_REQUEST_T… | |||
| CVE-2017-0816 | medium | 5.5 | 5.5 | 9y ago | An information disclosure vulnerability in the Android media framework (libeffects). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63662938. | |||
| CVE-2017-0815 | medium | 5.5 | 5.5 | 9y ago | An information disclosure vulnerability in the Android media framework (libeffects). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63526567. | |||
| CVE-2017-14988 | medium | 5.5 | 5.5 | 9y ago | Header::readfrom in IlmImf/ImfHeader.cpp in OpenEXR 2.2.0 allows remote attackers to cause a denial of service (excessive memory allocation) via a crafted file that is accessed with the ImfOpenInputF… | |||
| CVE-2017-14771 | medium | 5.5 | 5.5 | 9y ago | Skybox Manager Client Application prior to 8.5.501 is prone to an arbitrary file upload vulnerability due to insufficient input validation of user-supplied files path when uploading files via the app… | |||
| CVE-2017-14770 | medium | 5.5 | 5.5 | 9y ago | Skybox Manager Client Application prior to 8.5.501 is prone to an information disclosure vulnerability of user password hashes. A local authenticated attacker can access the password hashes in a debu… | |||
| CVE-2017-14974 | medium | 5.5 | 5.5 | 9y ago | The *_get_synthetic_symtab functions in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandle the failure of a certain canonicalization step, which all… | |||
| CVE-2017-14954 | medium | 5.5 | 5.5 | 9y ago | The waitid implementation in kernel/exit.c in the Linux kernel through 4.13.4 accesses rusage data structures in unintended cases, which allows local users to obtain sensitive information, and bypass… | |||
| CVE-2017-14940 | medium | 5.5 | 5.5 | 9y ago | scan_unit_for_symbols in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (NULL pointer der… | |||
| CVE-2017-14938 | medium | 5.5 | 5.5 | 9y ago | _bfd_elf_slurp_version_tables in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive m… | |||
| CVE-2017-14934 | medium | 5.5 | 5.5 | 9y ago | process_debug_info in dwarf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite loop) via a… | |||
| CVE-2017-14933 | medium | 5.5 | 5.5 | 9y ago | read_formatted_entries in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite loop) … | |||
| CVE-2017-14932 | medium | 5.5 | 5.5 | 9y ago | decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite loop) via a … | |||
| CVE-2017-14931 | medium | 5.5 | 5.5 | 9y ago | ExifImageFile::readDQT in ExifImageFileRead.cpp in OpenExif 2.1.4 allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted JPEG file. | |||
| CVE-2017-14930 | medium | 5.5 | 5.5 | 9y ago | Memory leak in decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (memory… | |||
| CVE-2017-14928 | medium | 5.5 | 5.5 | 9y ago | In Poppler 0.59.0, a NULL Pointer Dereference exists in AnnotRichMedia::Configuration::Configuration in Annot.cc via a crafted PDF document. | |||
| CVE-2017-14927 | medium | 5.5 | 5.5 | 9y ago | In Poppler 0.59.0, a NULL Pointer Dereference exists in the SplashOutputDev::type3D0() function in SplashOutputDev.cc via a crafted PDF document. | |||
| CVE-2017-14926 | medium | 5.5 | 5.5 | 9y ago | In Poppler 0.59.0, a NULL Pointer Dereference exists in AnnotRichMedia::Content::Content in Annot.cc via a crafted PDF document. | |||
| CVE-2017-14866 | medium | 5.5 | 5.5 | 9y ago | There is a heap-based buffer overflow in the Exiv2::s2Data function of types.cpp in Exiv2 0.26. A Crafted input will lead to a denial of service attack. | |||
| CVE-2017-14865 | medium | 5.5 | 5.5 | 9y ago | There is a heap-based buffer overflow in the Exiv2::us2Data function of types.cpp in Exiv2 0.26. A Crafted input will lead to a denial of service attack. | |||
| CVE-2017-14864 | medium | 5.5 | 5.5 | 9y ago | An Invalid memory address dereference was discovered in Exiv2::getULong in types.cpp in Exiv2 0.26. The vulnerability causes a segmentation fault and application crash, which leads to denial of servi… | |||
| CVE-2017-14863 | medium | 5.5 | 5.5 | 9y ago | A NULL pointer dereference was discovered in Exiv2::Image::printIFDStructure in image.cpp in Exiv2 0.26. The vulnerability causes a segmentation fault and application crash, which leads to denial of … | |||
| CVE-2017-14862 | medium | 5.5 | 5.5 | 9y ago | An Invalid memory address dereference was discovered in Exiv2::DataValue::read in value.cpp in Exiv2 0.26. The vulnerability causes a segmentation fault and application crash, which leads to denial o… | |||
| CVE-2017-14861 | medium | 5.5 | 5.5 | 9y ago | There is a stack consumption vulnerability in the Exiv2::Internal::stringFormat function of image.cpp in Exiv2 0.26. A Crafted input will lead to a remote denial of service attack. | |||
| CVE-2017-14860 | medium | 5.5 | 5.5 | 9y ago | There is a heap-based buffer over-read in the Exiv2::Jp2Image::readMetadata function of jp2image.cpp in Exiv2 0.26. A Crafted input will lead to a denial of service attack. | |||
| CVE-2017-14859 | medium | 5.5 | 5.5 | 9y ago | An Invalid memory address dereference was discovered in Exiv2::StringValueBase::read in value.cpp in Exiv2 0.26. The vulnerability causes a segmentation fault and application crash, which leads to de… | |||
| CVE-2017-14858 | medium | 5.5 | 5.5 | 9y ago | There is a heap-based buffer overflow in the Exiv2::l2Data function of types.cpp in Exiv2 0.26. A Crafted input will lead to a denial of service attack. | |||
| CVE-2017-14857 | medium | 5.5 | 5.5 | 9y ago | In Exiv2 0.26, there is an invalid free in the Image class in image.cpp that leads to a Segmentation fault. A crafted input will lead to a denial of service attack. | |||
| CVE-2017-1000252 | medium | 5.5 | 5.5 | 9y ago | The KVM subsystem in the Linux kernel through 4.13.3 allows guest OS users to cause a denial of service (assertion failure, and hypervisor hang or crash) via an out-of bounds guest_irq value, related… | |||
| CVE-2017-9959 | medium | 5.5 | 5.5 | 9y ago | A vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which the system accepts reboot in session from unauthenticated users, supporting a denial of serv… | |||
| CVE-2017-7972 | medium | 5.5 | 5.5 | 9y ago | A vulnerability exists in Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 that allows the ability to… | |||
| CVE-2017-14737 | medium | 5.5 | 5.5 | 9y ago | A cryptographic cache-based side channel in the RSA implementation in Botan before 1.10.17, and 1.11.x and 2.x before 2.3.0, allows a local attacker to recover information about RSA secret keys, as d… | |||
| CVE-2017-6271 | medium | 5.5 | 5.5 | 9y ago | NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer handler for DxgkDdiCreateAllocation where untrusted user input is used as a divisor without validation while proces… | |||
| CVE-2017-6270 | medium | 5.5 | 5.5 | 9y ago | NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer handler for DxgkDdiCreateAllocation where untrusted user input is used as a divisor without validation during a cal… | |||
| CVE-2017-6267 | medium | 5.5 | 5.5 | 9y ago | NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer handler where an incorrect initialization of internal objects can cause an infinite loop which may lead to a denial of serv… | |||
| CVE-2017-6266 | medium | 5.5 | 5.5 | 9y ago | NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer handler where improper access controls could allow unprivileged users to cause a denial of service. | |||
| CVE-2017-14681 | medium | 5.5 | 5.5 | 9y ago | The daemon in P3Scan 3.0_rc1 and earlier creates a p3scan.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to t… | |||
| CVE-2017-14649 | medium | 5.5 | 5.5 | 9y ago | ReadOneJNGImage in coders/png.c in GraphicsMagick version 1.3.26 does not properly validate JNG data, leading to a denial of service (assertion failure in magick/pixel_cache.c, and application crash). | |||
| CVE-2017-11040 | medium | 5.5 | 5.5 | 9y ago | In all Qualcomm products with Android releases from CAF using the Linux kernel, when reading from sysfs nodes, one can read more information than it is allowed to. | |||
| CVE-2017-11002 | medium | 5.5 | 5.5 | 9y ago | In all Qualcomm products with Android releases from CAF using the Linux kernel, while processing a vendor sub-command, a buffer over-read can occur. | |||
| CVE-2017-11001 | medium | 5.5 | 5.5 | 9y ago | In all Qualcomm products with Android releases from CAF using the Linux kernel, the length of the MAC address is not checked which may cause out of bounds read. | |||
| CVE-2017-10996 | medium | 5.5 | 5.5 | 9y ago | In all Qualcomm products with Android releases from CAF using the Linux kernel, out of bounds access is possible in c_show(), due to compat_hwcap_str[] not being NULL-terminated. This error is not fa… | |||
| CVE-2017-14529 | medium | 5.5 | 5.5 | 9y ago | The pe_print_idata function in peXXigen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles HintName vector entries, which allows remote attack… | |||
| CVE-2017-14517 | medium | 5.5 | 5.5 | 9y ago | In Poppler 0.59.0, a NULL Pointer Dereference exists in the XRef::parseEntry() function in XRef.cc via a crafted PDF document. | |||
| CVE-2017-4925 | medium | 5.5 | 5.5 | 9y ago | VMware ESXi 6.5 without patch ESXi650-201707101-SG, ESXi 6.0 without patch ESXi600-201706101-SG, ESXi 5.5 without patch ESXi550-201709101-SG, Workstation (12.x before 12.5.3), Fusion (8.x before 8.5.… | |||
| CVE-2017-14340 | medium | 5.5 | 5.5 | 9y ago | The XFS_IS_REALTIME_INODE macro in fs/xfs/xfs_linux.h in the Linux kernel before 4.13.2 does not verify that a filesystem has a realtime device, which allows local users to cause a denial of service … | |||
| CVE-2017-14483 | medium | 5.5 | 5.5 | 9y ago | flower.initd in the Gentoo dev-python/flower package before 0.9.1-r1 for Celery Flower sets PID file ownership to a non-root account, which might allow local users to kill arbitrary processes by leve… |