CVEs from 2017
- Total: 11,662
- critical: 1,647
- high: 5,041
- medium: 4,168
- low: 159
- % Critical: 14.1%
- % with KEV: 0.7%
- % with exploit: 9.8%
Top vendors
Top products
- imagemagick 1,426
- joomla! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-0640 | medium | 5.5 | 5.5 | 9y ago | A remote denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the poss… | |||
| CVE-2017-0639 | medium | 5.5 | 5.5 | 9y ago | An information disclosure vulnerability in Bluetooth component could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it is a … | |||
| CVE-2017-8239 | medium | 5.5 | 5.5 | 9y ago | In all Android releases from CAF using the Linux kernel, userspace-controlled parameters for flash initialization are not sanitized potentially leading to exposure of kernel memory. | |||
| CVE-2017-8235 | medium | 5.5 | 5.5 | 9y ago | In all Android releases from CAF using the Linux kernel, a memory structure in a camera driver is not properly protected. | |||
| CVE-2017-7366 | medium | 5.5 | 5.5 | 9y ago | In all Android releases from CAF using the Linux kernel, a KGSL ioctl was not validating all of its parameters. | |||
| CVE-2017-9605 | medium | 5.5 | 5.5 | 9y ago | The vmw_gb_surface_define_ioctl function (accessible via DRM_IOCTL_VMW_GB_SURFACE_CREATE) in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.11.4 defines a backup_handle variabl… | |||
| CVE-2017-6696 | medium | 5.5 | 5.5 | 9y ago | A vulnerability in the file system of Cisco Elastic Services Controllers could allow an authenticated, local attacker to gain access to sensitive user credentials that are stored in an affected syste… | |||
| CVE-2017-6695 | medium | 5.5 | 5.5 | 9y ago | A vulnerability in the ConfD server in Cisco Ultra Services Platform could allow an authenticated, local attacker to view sensitive information. More Information: CSCvd29398. Known Affected Releases:… | |||
| CVE-2017-6694 | medium | 5.5 | 5.5 | 9y ago | A vulnerability in the Virtual Network Function Manager's (VNFM) logging function of Cisco Ultra Services Platform could allow an authenticated, local attacker to view sensitive data (cleartext crede… | |||
| CVE-2017-6693 | medium | 5.5 | 5.5 | 9y ago | A vulnerability in the ConfD server component of Cisco Elastic Services Controllers could allow an authenticated, local attacker to access information stored in the file system of an affected system,… | |||
| CVE-2017-9520 | medium | 5.5 | 5.5 | 9y ago | The r_config_set function in libr/config/config.c in radare2 1.5.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted DEX file. | |||
| CVE-2017-4900 | medium | 5.5 | 5.5 | 9y ago | VMware Workstation Pro/Player 12.x before 12.5.3 contains a NULL pointer dereference vulnerability that exists in the SVGA driver. Successful exploitation of this issue may allow attackers with norma… | |||
| CVE-2017-9474 | medium | 5.5 | 5.5 | 9y ago | In ytnef 1.9.2, the DecompressRTF function in lib/ytnef.c allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. | |||
| CVE-2017-9473 | medium | 5.5 | 5.5 | 9y ago | In ytnef 1.9.2, the TNEFFillMapi function in lib/ytnef.c allows remote attackers to cause a denial of service (memory consumption) via a crafted file. | |||
| CVE-2017-9472 | medium | 5.5 | 5.5 | 9y ago | In ytnef 1.9.2, the SwapDWord function in lib/ytnef.c allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. | |||
| CVE-2017-9471 | medium | 5.5 | 5.5 | 9y ago | In ytnef 1.9.2, the SwapWord function in lib/ytnef.c allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. | |||
| CVE-2017-9470 | medium | 5.5 | 5.5 | 9y ago | In ytnef 1.9.2, the MAPIPrint function in lib/ytnef.c allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file. | |||
| CVE-2017-7515 | medium | 5.5 | 5.5 | 9y ago | poppler through version 0.55.0 is vulnerable to an uncontrolled recursion in pdfunite resulting into potential denial-of-service. | |||
| CVE-2017-3740 | medium | 5.5 | 5.5 | 9y ago | In Lenovo Active Protection System before 1.82.0.14, an attacker with local privileges could send commands to the system's embedded controller, which could cause a denial of service attack on the sys… | |||
| CVE-2017-9060 | medium | 5.5 | 5.5 | 9y ago | Memory leak in the virtio_gpu_set_scanout function in hw/display/virtio-gpu.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (memory consumption) via a large nu… | |||
| CVE-2017-4897 | medium | 5.5 | 5.5 | 9y ago | VMware Horizon DaaS before 7.0.0 contains a vulnerability that exists due to insufficient validation of data. An attacker may exploit this issue by tricking DaaS client users into connecting to a mal… | |||
| CVE-2017-7511 | medium | 5.5 | 5.5 | 9y ago | poppler since version 0.17.3 has been vulnerable to NULL pointer dereference in pdfunite triggered by specially crafted documents. | |||
| CVE-2017-9302 | medium | 5.5 | 5.5 | 9y ago | RealPlayer 16.0.2.32 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted mp4 file. | |||
| CVE-2017-9242 | medium | 5.5 | 5.5 | 9y ago | The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel through 4.11.3 is too late in checking whether an overwrite of an skb data structure may occur, which allows local users to… | |||
| CVE-2017-8542 | medium | 5.5 | 5.5 | 9y ago | The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and… | |||
| CVE-2017-8539 | medium | 5.5 | 5.5 | 9y ago | The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and… | |||
| CVE-2017-8314 | medium | 5.5 | 5.5 | 9y ago | Directory Traversal in Zip Extraction built-in function in Kodi 17.1 and earlier allows arbitrary file write on disk via a Zip file as subtitles. | |||
| CVE-2017-8313 | medium | 5.5 | 5.5 | 9y ago | Heap out-of-bound read in ParseJSS in VideoLAN VLC before 2.2.5 due to missing check of string termination allows attackers to read data beyond allocated memory and potentially crash the process via … | |||
| CVE-2017-8312 | medium | 5.5 | 5.5 | 9y ago | multiple issues in vlc | |||
| CVE-2017-8310 | medium | 5.5 | 5.5 | 9y ago | multiple issues in vlc | |||
| CVE-2017-9211 | medium | 5.5 | 5.5 | 9y ago | The crypto_skcipher_init_tfm function in crypto/skcipher.c in the Linux kernel through 4.11.2 relies on a setkey function that lacks a key-size check, which allows local users to cause a denial of se… | |||
| CVE-2017-9210 | medium | 5.5 | 5.5 | 9y ago | libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document, related to unparse functions, aka qpdf-infiniteloop… | |||
| CVE-2017-9209 | medium | 5.5 | 5.5 | 9y ago | libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document, related to QPDFObjectHandle::parseInternal, aka qpd… | |||
| CVE-2017-9208 | medium | 5.5 | 5.5 | 9y ago | libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document, related to releaseResolved functions, aka qpdf-infi… | |||
| CVE-2017-6990 | medium | 5.5 | 5.5 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "HFS" component. It allows attackers to bypass intended memory-read restrictions via a craf… | |||
| CVE-2017-6987 | medium | 5.5 | 5.5 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involve… | |||
| CVE-2017-2540 | medium | 5.5 | 5.5 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "WindowServer" component. It allows attackers to bypass intended memory-read restrictions v… | |||
| CVE-2017-2507 | medium | 5.5 | 5.5 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involve… | |||
| CVE-2017-2502 | medium | 5.5 | 5.5 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involve… | |||
| CVE-2017-9059 | medium | 5.5 | 5.5 | 9y ago | The NFSv4 implementation in the Linux kernel through 4.11.1 allows local users to cause a denial of service (resource consumption) by leveraging improper channel callback shutdown when unmounting an … | |||
| CVE-2017-9044 | medium | 5.5 | 5.5 | 9y ago | The print_symbol_for_build_attribute function in readelf.c in GNU Binutils 2017-04-12 allows remote attackers to cause a denial of service (invalid read and SEGV) via a crafted ELF file. | |||
| CVE-2017-9041 | medium | 5.5 | 5.5 | 9y ago | GNU Binutils 2.28 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to MIPS GOT mishandling in the process_mips_… | |||
| CVE-2017-9040 | medium | 5.5 | 5.5 | 9y ago | GNU Binutils 2017-04-03 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash), related to the process_mips_specific function in readelf.c, via a crafte… | |||
| CVE-2017-9039 | medium | 5.5 | 5.5 | 9y ago | GNU Binutils 2.28 allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file with many program headers, related to the get_program_headers function in readelf.c. | |||
| CVE-2017-9038 | medium | 5.5 | 5.5 | 9y ago | GNU Binutils 2.28 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to the byte_get_little_endian function in el… | |||
| CVE-2017-8382 | medium | 4.5 | 5.5 | 9y ago | admidio CSRF Vulnerability | |||
| CVE-2017-7495 | medium | 5.5 | 5.5 | 9y ago | fs/ext4/inode.c in the Linux kernel before 4.6.2, when ext4 data=ordered mode is used, mishandles a needs-flushing-before-commit list, which allows local users to obtain sensitive information from ot… | |||
| CVE-2017-8934 | medium | 5.5 | 5.5 | 9y ago | PCManFM 1.2.5 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (application unavailability). | |||
| CVE-2017-8925 | medium | 5.5 | 5.5 | 9y ago | The omninet_open function in drivers/usb/serial/omninet.c in the Linux kernel before 4.10.4 allows local users to cause a denial of service (tty exhaustion) by leveraging reference count mishandling. | |||
| CVE-2017-0635 | medium | 5.5 | 5.5 | 9y ago | A remote denial of service vulnerability in HevcUtils.cpp in libstagefright in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rat… | |||
| CVE-2017-0626 | medium | 5.5 | 5.5 | 9y ago | An information disclosure vulnerability in the Qualcomm crypto engine driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High be… | |||
| CVE-2017-0625 | medium | 5.5 | 5.5 | 9y ago | An information disclosure vulnerability in the MediaTek command queue driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High be… | |||
| CVE-2017-0624 | medium | 5.5 | 5.5 | 9y ago | An information disclosure vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it… | |||
| CVE-2017-0602 | medium | 5.5 | 5.5 | 9y ago | An information disclosure vulnerability in Bluetooth could allow a local malicious application to bypass operating system protections that isolate application data from other applications. This issue… | |||
| CVE-2017-0601 | medium | 5.5 | 5.5 | 9y ago | An Elevation of Privilege vulnerability in Bluetooth could potentially enable a local malicious application to accept harmful files shared via bluetooth without user permission. This issue is rated a… | |||
| CVE-2017-0600 | medium | 5.5 | 5.5 | 9y ago | A remote denial of service vulnerability in libstagefright in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severi… | |||
| CVE-2017-0599 | medium | 5.5 | 5.5 | 9y ago | A remote denial of service vulnerability in libhevc in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due … | |||
| CVE-2017-0598 | medium | 5.5 | 5.5 | 9y ago | An information disclosure vulnerability in the Framework APIs could enable a local malicious application to bypass operating system protections that isolate application data from other applications. … | |||
| CVE-2017-0493 | medium | 5.5 | 5.5 | 9y ago | An information disclosure vulnerability in File-Based Encryption could enable a local malicious attacker to bypass operating system protections for the lock screen. This issue is rated as Moderate du… | |||
| CVE-2017-0242 | medium | 5.5 | 5.5 | 9y ago | An information disclosure vulnerability exists in the way some ActiveX objects are instantiated, aka "Microsoft ActiveX Information Disclosure Vulnerability." | |||
| CVE-2017-8908 | medium | 5.5 | 5.5 | 9y ago | The mark_line_tr function in gxscanc.c in Artifex Ghostscript 9.21 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PostScript document. | |||
| CVE-2017-8360 | medium | 5.5 | 5.5 | 9y ago | Conexant Systems mictray64 task, as used on HP Elite, EliteBook, ProBook, and ZBook systems, leaks sensitive data (keystrokes) to any process. In mictray64.exe (mic tray icon) 1.0.0.46, a LowLevelKey… | |||
| CVE-2017-8906 | medium | 5.5 | 5.5 | 9y ago | An integer underflow vulnerability exists in pixel-a.asm, the x86 assembly code for planeClipAndMax() in MulticoreWare x265 through 2.4, as used by the x265_encoder_encode dependency in libbpg and ot… | |||
| CVE-2017-8891 | medium | 5.5 | 5.5 | 9y ago | Dropbox Lepton 1.2.1 allows DoS (SEGV and application crash) via a malformed lepton file because the code does not ensure setup of a correct number of threads. | |||
| CVE-2017-0355 | medium | 5.5 | 5.5 | 9y ago | All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer handler for DxgkDdiEscape where it may access paged memory while holding a spinlock, leading to … | |||
| CVE-2017-0353 | medium | 5.5 | 5.5 | 9y ago | All versions of the NVIDIA GPU Display Driver contain a vulnerability in the kernel mode layer handler for DxgDdiEscape where due to improper locking on certain conditions may lead to a denial of ser… | |||
| CVE-2017-7967 | medium | 5.5 | 5.5 | 9y ago | All versions of VAMPSET software produced by Schneider Electric, prior to V2.2.189, are susceptible to a memory corruption vulnerability when a corrupted vf2 file is used. This vulnerability causes t… | |||
| CVE-2017-8847 | medium | 5.5 | 5.5 | 9y ago | The bufRead::get() function in libzpaq/libzpaq.h in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted arch… | |||
| CVE-2017-8846 | medium | 5.5 | 5.5 | 9y ago | The read_stream function in stream.c in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted archive. | |||
| CVE-2017-8845 | medium | 5.5 | 5.5 | 9y ago | The lzo1x_decompress function in lzo1x_d.ch in LZO 2.08, as used in lrzip 0.631, allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted archive. | |||
| CVE-2017-8843 | medium | 5.5 | 5.5 | 9y ago | The join_pthread function in stream.c in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted archive. | |||
| CVE-2017-8842 | medium | 5.5 | 5.5 | 9y ago | The bufRead::get() function in libzpaq/libzpaq.h in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted archive. | |||
| CVE-2017-8391 | medium | 5.5 | 5.5 | 9y ago | The OS Installation Management component in CA Client Automation r12.9, r14.0, and r14.0 SP1 places an encrypted password into a readable local file during operating system installation, which allows… | |||
| CVE-2017-8421 | medium | 5.5 | 5.5 | 9y ago | The function coff_set_alignment_hook in coffcode.h in Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has a memory leak vulnerability which can cause memory ex… | |||
| CVE-2017-8374 | medium | 5.5 | 5.5 | 9y ago | The mad_bit_skip function in bit.c in Underbit MAD libmad 0.15.1b allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted audio file. | |||
| CVE-2017-8339 | medium | 5.5 | 5.5 | 9y ago | PSKMAD.sys in Panda Free Antivirus 18.0 allows local users to cause a denial of service (BSoD) via a crafted DeviceIoControl request to \\.\PSMEMDriver. | |||
| CVE-2017-8106 | medium | 5.5 | 5.5 | 9y ago | The handle_invept function in arch/x86/kvm/vmx.c in the Linux kernel 3.12 through 3.15 allows privileged KVM guest OS users to cause a denial of service (NULL pointer dereference and host OS crash) v… | |||
| CVE-2017-3619 | medium | 5.5 | 5.5 | 9y ago | Vulnerability in the Automatic Service Request (ASR) component of Oracle Support Tools (subcomponent: ASR Manager). The supported version that is affected is Prior to 5.7. Easily "exploitable" vulner… | |||
| CVE-2017-3454 | medium | 5.5 | 5.5 | 9y ago | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.7.17 and earlier. Easily "exploitable" vulnerability allows high… | |||
| CVE-2017-3232 | medium | 5.5 | 5.5 | 9y ago | Vulnerability in the Automatic Service Request (ASR) component of Oracle Support Tools (subcomponent: ASR Manager). The supported version that is affected is Prior to 5.7. Easily "exploitable" vulner… | |||
| CVE-2017-2322 | medium | 5.5 | 5.5 | 9y ago | A denial of service vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1, may allow an authenticated user to cause widespread denials of service to… | |||
| CVE-2017-2328 | medium | 5.5 | 5.5 | 9y ago | An information leak vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unprivileged, authenticated, user to elevate their permission… | |||
| CVE-2017-2327 | medium | 5.5 | 5.5 | 9y ago | A denial of service vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an authenticated malicious user to consume large amounts of syst… | |||
| CVE-2017-8071 | medium | 5.5 | 5.5 | 9y ago | drivers/hid/hid-cp2112.c in the Linux kernel 4.9.x before 4.9.9 uses a spinlock without considering that sleeping is possible in a USB HID request callback, which allows local users to cause a denial… | |||
| CVE-2017-8054 | medium | 5.5 | 5.5 | 9y ago | The function PdfPagesTree::GetPageNodeFromArray in PdfPageTree.cpp:464 in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (infinite recursion and application crash) via a crafted PD… | |||
| CVE-2017-8053 | medium | 5.5 | 5.5 | 9y ago | PoDoFo 0.9.5 allows denial of service (infinite recursion and stack consumption) via a crafted PDF file in PoDoFo::PdfParser::ReadDocumentStructure (PdfParser.cpp). | |||
| CVE-2017-7718 | medium | 5.5 | 5.5 | 9y ago | hw/display/cirrus_vga_rop.h in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors related to copying… | |||
| CVE-2017-7982 | medium | 5.5 | 5.5 | 9y ago | Integer overflow in the plist_from_bin function in bplist.c in libimobiledevice/libplist before 2017-04-19 allows remote attackers to cause a denial of service (heap-based buffer over-read and applic… | |||
| CVE-2017-7282 | medium | 5.5 | 5.5 | 9y ago | An issue was discovered in Unitrends Enterprise Backup before 9.1.1. The function downloadFile in api/includes/restore.php blindly accepts any filename passed to /api/restore/download as valid. This … | |||
| CVE-2017-7962 | medium | 5.5 | 5.5 | 9y ago | The iwgif_read_image function in imagew-gif.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a craf… | |||
| CVE-2017-7960 | medium | 5.5 | 5.5 | 9y ago | The cr_input_new_from_uri function in cr-input.c in libcroco 0.6.11 and 0.6.12 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted CSS file. | |||
| CVE-2017-7849 | medium | 5.5 | 5.5 | 9y ago | Nessus 6.10.x before 6.10.5 was found to be vulnerable to a local denial of service condition due to insecure permissions when running in Agent Mode. | |||
| CVE-2017-7946 | medium | 5.5 | 5.5 | 9y ago | The get_relocs_64 function in libr/bin/format/mach0/mach0.c in radare2 1.3.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted Mach0 file. | |||
| CVE-2017-7940 | medium | 5.5 | 5.5 | 9y ago | The iw_read_gif_file function in imagew-gif.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to consume an amount of available memory via a crafted file. | |||
| CVE-2017-7939 | medium | 5.5 | 5.5 | 9y ago | The read_next_pam_token function in imagew-pnm.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to cause a denial of service (stack-based buffer over-read) via a crafted file. | |||
| CVE-2017-7854 | medium | 5.5 | 5.5 | 9y ago | The consume_init_expr function in wasm.c in radare2 1.3.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted Web Assembly file. | |||
| CVE-2017-7742 | medium | 5.5 | 5.5 | 9y ago | In libsndfile before 1.0.28, an error in the "flac_buffer_copy()" function (flac.c) can be exploited to cause a segmentation violation (with read memory access) via a specially crafted FLAC file duri… | |||
| CVE-2017-7741 | medium | 5.5 | 5.5 | 9y ago | In libsndfile before 1.0.28, an error in the "flac_buffer_copy()" function (flac.c) can be exploited to cause a segmentation violation (with write memory access) via a specially crafted FLAC file dur… | |||
| CVE-2017-7716 | medium | 5.5 | 5.5 | 9y ago | The read_u32_leb128 function in libr/util/uleb128.c in radare2 1.3.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted Web Assembl… | |||
| CVE-2017-3053 | medium | 5.5 | 5.5 | 9y ago | Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability in the image conversion engine, related to parsing of th… |