CVEs from 2017
Total
11,662
critical
critical 1,647
high
high 5,041
medium
medium 4,168
low
low 159
% Critical
14.1%
% with KEV
0.7%
% with exploit
9.8%
Top vendors
Top products
- imagemagick 1,426
- joomla\! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-9049 | high | 7.5 | 7.5 | 9y ago | libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictComputeFastKey function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, t… | |||
| CVE-2017-9048 | high | 7.5 | 7.5 | 9y ago | libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a stack-based buffer overflow. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition in… | |||
| CVE-2017-9047 | high | 7.5 | 7.5 | 9y ago | A buffer overflow was discovered in libxml2 20904-GITv2.9.4-16-g0741801. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char b… | |||
| CVE-2017-8338 | high | 7.5 | 7.5 | 9y ago | A vulnerability in MikroTik Version 6.38.5 could allow an unauthenticated remote attacker to exhaust all available CPU via a flood of UDP packets on port 500 (used for L2TP over IPsec), preventing th… | |||
| CVE-2017-9030 | high | 7.5 | 7.5 | 9y ago | The Codextrous B2J Contact (aka b2j_contact) extension before 2.1.13 for Joomla! allows a directory traversal attack that bypasses a uniqid protection mechanism, and makes it easier to read arbitrary… | |||
| CVE-2017-5214 | high | 7.5 | 7.5 | 9y ago | The Codextrous B2J Contact (aka b2j_contact) extension before 2.1.13 for Joomla! allows prediction of a uniqid value based on knowledge of a time value. This makes it easier to read arbitrary uploade… | |||
| CVE-2017-6658 | high | 7.5 | 7.5 | 9y ago | Cisco Sourcefire Snort 3.0 before build 233 has a Buffer Overread related to use of a decoder array. The size was off by one making it possible to read past the end of the array with an ether type of… | |||
| CVE-2017-6657 | high | 7.5 | 7.5 | 9y ago | Cisco Sourcefire Snort 3.0 before build 233 mishandles Ether Type Validation. Since valid ether type and IP protocol numbers do not overlap, Snort++ stores all protocol decoders in a single array. Th… | |||
| CVE-2017-6651 | high | 7.5 | 7.5 | 9y ago | A vulnerability in Cisco WebEx Meetings Server could allow unauthenticated, remote attackers to gain information that could allow them to access scheduled customer meetings. The vulnerability is due … | |||
| CVE-2017-3876 | high | 7.5 | 7.5 | 9y ago | A vulnerability in the Event Management Service daemon (emsd) of Cisco IOS XR routers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the affected devi… | |||
| CVE-2017-3873 | high | 7.5 | 7.5 | 9y ago | A vulnerability in the Plug-and-Play (PnP) subsystem of the Cisco Aironet 1800, 2800, and 3800 Series Access Points running a Lightweight Access Point (AP) or Mobility Express image could allow an un… | |||
| CVE-2017-3825 | high | 7.5 | 7.5 | 9y ago | A vulnerability in the ICMP ingress packet processing of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an unauthenticated, remote attacker to cause the TelePresence endpoint to … | |||
| CVE-2017-8929 | high | 7.5 | 7.5 | 9y ago | The sized_string_cmp function in libyara/sizedstr.c in YARA 3.5.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted rule. | |||
| CVE-2017-5654 | high | 7.5 | 7.5 | 9y ago | In Ambari 2.4.x (before 2.4.3) and Ambari 2.5.0, an authorized user of the Ambari Hive View may be able to gain unauthorized read access to files on the host where the Ambari server executes. | |||
| CVE-2017-8921 | high | 7.5 | 7.5 | 9y ago | In FlightGear before 2017.2.1, the FGCommand interface allows overwriting any file the user has write access to, but not with arbitrary data: only with the contents of a FlightGear flightplan (XML). … | |||
| CVE-2017-7486 | high | 7.5 | 7.5 | 9y ago | PostgreSQL versions 8.4 - 9.6 are vulnerable to information leak in pg_user_mappings view which discloses foreign server passwords to any user having USAGE privilege on the associated foreign server. | |||
| CVE-2017-7484 | high | 7.5 | 7.5 | 9y ago | It was found that some selectivity estimation functions in PostgreSQL before 9.2.21, 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3 did not check user privileges… | |||
| CVE-2017-2163 | high | 7.5 | 7.5 | 9y ago | Directory traversal vulnerability in SOY CMS Ver.1.8.1 to Ver.1.8.12 allows authenticated attackers to read arbitrary files via shop_id. | |||
| CVE-2017-0266 | high | 7.5 | 7.5 | 9y ago | A remote code execution vulnerability exists in Microsoft Edge in the way affected Microsoft scripting engines render when handling objects in memory, aka "Microsoft Edge Remote Code Execution Vulner… | |||
| CVE-2017-0248 | high | 7.5 | 7.5 | 9y ago | Moderate severity vulnerability that affects Microsoft.AspNetCore.Mvc and Microsoft.AspNetCore.Mvc.Core | |||
| CVE-2017-0247 | high | 7.5 | 7.5 | 9y ago | ASP.NET Core fails to properly validate web requests | |||
| CVE-2017-0240 | high | 7.5 | 7.5 | 9y ago | A remote code execution vulnerability exists in Microsoft Edge in the way affected Microsoft scripting engines render when handling objects in memory, aka "Microsoft Edge Memory Corruption Vulnerabil… | |||
| CVE-2017-0238 | high | 7.5 | 7.5 | 9y ago | A remote code execution vulnerability exists in Microsoft browsers in the way JavaScript scripting engines handle objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This CVE I… | |||
| CVE-2017-0236 | high | 7.5 | 7.5 | 9y ago | ChakraCore RCE Vulnerability | |||
| CVE-2017-0235 | high | 7.5 | 7.5 | 9y ago | ChakraCore RCE Vulnerability | |||
| CVE-2017-0234 | high | 7.5 | 7.5 | 9y ago | ChakraCore RCE Vulnerability | |||
| CVE-2017-0230 | high | 7.5 | 7.5 | 9y ago | A remote code execution vulnerability exists in Microsoft Edge in the way JavaScript engines render when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This CVE I… | |||
| CVE-2017-0229 | high | 7.5 | 7.5 | 9y ago | A remote code execution vulnerability exists in Microsoft Edge in the way JavaScript engines render when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This CVE I… | |||
| CVE-2017-0228 | high | 7.5 | 7.5 | 9y ago | A remote code execution vulnerability exists in Microsoft browsers in the way JavaScript engines render when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This C… | |||
| CVE-2017-0227 | high | 7.5 | 7.5 | 9y ago | A remote code execution vulnerability exists in Microsoft Edge in the way affected Microsoft scripting engines render when handling objects in memory, aka "Microsoft Edge Memory Corruption Vulnerabil… | |||
| CVE-2017-0226 | high | 7.5 | 7.5 | 9y ago | A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017… | |||
| CVE-2017-0224 | high | 7.5 | 7.5 | 9y ago | ChakraCore RCE Vulnerability | |||
| CVE-2017-0221 | high | 7.5 | 7.5 | 9y ago | A vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0227 and CVE-2017-0240. | |||
| CVE-2017-8868 | high | 7.5 | 7.5 | 9y ago | acp/core/files.browser.php in flatCore 1.4.7 allows file deletion via directory traversal in the delete parameter to acp/acp.php. The risk might be limited to requests submitted through CSRF. | |||
| CVE-2017-5892 | high | 7.5 | 7.5 | 9y ago | ASUS RT-AC* and RT-N* devices with firmware before 3.0.0.4.380.7378 allow JSONP Information Disclosure such as a network map. | |||
| CVE-2017-8855 | high | 7.5 | 7.5 | 9y ago | wolfSSL before 3.11.0 does not prevent wc_DhAgree from accepting a malformed DH key. | |||
| CVE-2017-8853 | high | 7.5 | 7.5 | 9y ago | Fiyo CMS v2.0.7 has an arbitrary file delete vulnerability in dapur/apps/app_config/controller/backuper.php via directory traversal in the file parameter during an act=db action. | |||
| CVE-2017-3067 | high | 7.5 | 7.5 | 9y ago | Adobe Experience Manager Forms versions 6.2, 6.1, 6.0 have an information disclosure vulnerability resulting from abuse of the pre-population service in AEM Forms. | |||
| CVE-2017-8825 | high | 7.5 | 7.5 | 9y ago | A null dereference vulnerability has been found in the MIME handling component of LibEtPan before 1.8, as used in MailCore and MailCore 2. A crash can occur in low-level/imf/mailimf.c during a failed… | |||
| CVE-2017-8804 | high | 7.5 | 7.5 | 9y ago | The xdr_bytes and xdr_string functions in the GNU C Library (aka glibc or libc6) 2.25 mishandle failures of buffer deserialization, which allows remote attackers to cause a denial of service (virtual… | |||
| CVE-2017-3733 | high | 7.5 | 7.5 | 9y ago | During a renegotiation handshake if the Encrypt-Then-Mac extension is negotiated where it was not in the original handshake (or vice-versa) then this can cause OpenSSL 1.1.0 before 1.1.0e to crash (d… | |||
| CVE-2017-3731 | high | 7.5 | 7.5 | 9y ago | If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or client to perform an out-of-bounds read, usually resu… | |||
| CVE-2017-8776 | high | 7.5 | 7.5 | 9y ago | Quick Heal Internet Security 10.1.0.316, Quick Heal Total Security 10.1.0.316, and Quick Heal AntiVirus Pro 10.1.0.316 have approximately 165 PE files in the default installation that do not use ASLR… | |||
| CVE-2017-5240 | high | 7.5 | 7.5 | 9y ago | Editions of Rapid7 AppSpider Pro prior to version 6.14.060 contain a heap-based buffer overflow in the FLAnalyzer.exe component. A malicious or malformed Flash source file can cause a denial of servi… | |||
| CVE-2017-7483 | high | 7.5 | 7.5 | 9y ago | Rxvt 2.7.10 is vulnerable to a denial of service attack by passing the value -2^31 inside a terminal escape code, which results in a non-invertible integer that eventually leads to a segfault due to … | |||
| CVE-2017-8398 | high | 7.5 | 7.5 | 9y ago | dwarf.c in GNU Binutils 2.28 is vulnerable to an invalid read of size 1 during dumping of debug information from a corrupt binary. This vulnerability causes programs that conduct an analysis of binar… | |||
| CVE-2017-8397 | high | 7.5 | 7.5 | 9y ago | The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 1 and an invalid write of size 1 during processing of a corrupt bi… | |||
| CVE-2017-8396 | high | 7.5 | 7.5 | 9y ago | The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 1 because the existing reloc offset range tests didn't catch small… | |||
| CVE-2017-8395 | high | 7.5 | 7.5 | 9y ago | The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid write of size 8 because of missing a malloc() return-value check to see if memo… | |||
| CVE-2017-8394 | high | 7.5 | 7.5 | 9y ago | The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 4 due to NULL pointer dereferencing of _bfd_elf_large_com_section.… | |||
| CVE-2017-8393 | high | 7.5 | 7.5 | 9y ago | The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to a global buffer over-read error because of an assumption made by code that runs for objcop… | |||
| CVE-2017-8392 | high | 7.5 | 7.5 | 9y ago | The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 8 because of missing a check to determine whether symbols are NULL… | |||
| CVE-2017-6128 | high | 7.5 | 7.5 | 9y ago | An attacker may be able to cause a denial-of-service (DoS) attack against the sshd component in F5 BIG-IP, Enterprise Manager, BIG-IQ, and iWorkflow. | |||
| CVE-2017-2153 | high | 7.5 | 7.5 | 9y ago | SEIL/x86 Fuji 1.70 to 5.62, SEIL/BPV4 5.00 to 5.62, SEIL/X1 1.30 to 5.62, SEIL/X2 1.30 to 5.62, SEIL/B1 1.00 to 5.62 allows remote attackers to cause a denial of service via specially crafted IPv4 UD… | |||
| CVE-2017-8308 | high | 7.5 | 7.5 | 9y ago | In Avast Antivirus before v17, an unprivileged user (and thus malware or a virus) can mark an arbitrary process as Trusted from the perspective of the Avast product. This bypasses the Self-Defense fe… | |||
| CVE-2017-8296 | high | 7.5 | 7.5 | 9y ago | kedpm 0.5 and 1.0 creates a history file in ~/.kedpm/history that is written in cleartext. All of the commands performed in the password manager are written there. This can lead to the disclosure of … | |||
| CVE-2017-8294 | high | 7.5 | 7.5 | 9y ago | libyara/re.c in the regex component in YARA 3.5.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted rule that is mishandled in the yr_re_ex… | |||
| CVE-2017-5186 | high | 7.5 | 7.5 | 9y ago | Novell iManager 2.7 before SP7 Patch 9, NetIQ iManager 3.x before 3.0.2.1, Novell eDirectory 8.8.x before 8.8 SP8 Patch 9 Hotfix 2, and NetIQ eDirectory 9.x before 9.0.2 Hotfix 2 (9.0.2.2) use the de… | |||
| CVE-2017-7415 | high | 7.5 | 7.5 | 9y ago | Atlassian Confluence 6.x before 6.0.7 allows remote attackers to bypass authentication and read any blog or page via the drafts diff REST resource. | |||
| CVE-2017-3621 | high | 7.5 | 7.5 | 9y ago | Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: IPC Frameworks). The supported version that is affected is AK 2013. Easily "explo… | |||
| CVE-2017-3572 | high | 7.5 | 7.5 | 9y ago | Vulnerability in the Oracle Commerce Guided Search / Oracle Commerce Experience Manager component of Oracle Commerce (subcomponent: MDEX). Supported versions that are affected are 6.2.2, 6.3.0, 6.4.1… | |||
| CVE-2017-3555 | high | 7.5 | 7.5 | 9y ago | Vulnerability in the Oracle iReceivables component of Oracle E-Business Suite (subcomponent: Self Registration). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.… | |||
| CVE-2017-3548 | medium | 6.5 | 7.5 | 9y ago | Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Integration Broker). Supported versions that are affected are 8.54 and 8.55. Easily "expl… | |||
| CVE-2017-3546 | medium | 6.5 | 7.5 | 9y ago | Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: MultiChannel Framework). Supported versions that are affected are 8.54 and 8.55. Easily "… | |||
| CVE-2017-3538 | high | 7.5 | 7.5 | 9y ago | Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Shared Folder). Supported versions that are affected are Prior to 5.0.34 and Prior to 5.1.16. Difficult to … | |||
| CVE-2017-3519 | high | 7.5 | 7.5 | 9y ago | Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Security). Supported versions that are affected are 8.54 and 8.55. Easily "exploitable" v… | |||
| CVE-2017-3518 | high | 7.5 | 7.5 | 9y ago | Vulnerability in the Enterprise Manager Base Platform component of Oracle Enterprise Manager Grid Control (subcomponent: Discovery Framework). Supported versions that are affected are 12.1.0, 13.1.0 … | |||
| CVE-2017-3499 | high | 7.5 | 7.5 | 9y ago | Vulnerability in the Oracle Social Network component of Oracle Fusion Middleware (subcomponent: Android Client). The supported version that is affected is prior to 11.1.12.0.0 (17019101). Easily "exp… | |||
| CVE-2017-3450 | high | 7.5 | 7.5 | 9y ago | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached). Supported versions that are affected are 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable"… | |||
| CVE-2017-3329 | high | 7.5 | 7.5 | 9y ago | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Thread Pooling). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earl… | |||
| CVE-2017-3233 | high | 7.5 | 7.5 | 9y ago | Vulnerability in the Automatic Service Request (ASR) component of Oracle Support Tools (subcomponent: ASR Manager). The supported version that is affected is Prior to 5.7. Easily "exploitable" vulner… | |||
| CVE-2017-1000361 | high | 7.5 | 7.5 | 9y ago | OpenDaylight Controller DoS | |||
| CVE-2017-1000357 | high | 7.5 | 7.5 | 9y ago | Denial of Service attack when the switch rejects to receive packets from the controller. Component: This vulnerability affects OpenDaylight odl-l2switch-switch, which is the feature responsible for t… | |||
| CVE-2017-2334 | high | 7.5 | 7.5 | 9y ago | An information leak vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow a network-based malicious attacker to perform a man-in-the-middl… | |||
| CVE-2017-2323 | high | 7.5 | 7.5 | 9y ago | A denial of service vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow a malicious attacker crafting packets destined to the device to … | |||
| CVE-2017-2315 | high | 7.5 | 7.5 | 9y ago | On Juniper Networks EX Series Ethernet Switches running affected Junos OS versions, a vulnerability in IPv6 processing has been discovered that may allow a specially crafted IPv6 Neighbor Discovery (… | |||
| CVE-2017-2313 | high | 7.5 | 7.5 | 9y ago | Juniper Networks devices running affected Junos OS versions may be impacted by the receipt of a crafted BGP UPDATE which can lead to an rpd (routing process daemon) crash and restart. Repeated crashe… | |||
| CVE-2017-8077 | high | 7.5 | 7.5 | 9y ago | On the TP-Link TL-SG108E 1.0, there is a hard-coded ciphering key (a long string beginning with Ei2HNryt). This affects the 1.1.2 Build 20141017 Rel.50749 firmware. | |||
| CVE-2017-8073 | high | 7.5 | 7.5 | 9y ago | denial of service in weechat | |||
| CVE-2017-8050 | high | 7.5 | 7.5 | 9y ago | Tenable Appliance 4.4.0, and possibly prior, contains a flaw in the Web UI that allows for the unauthorized manipulation of the admin password. | |||
| CVE-2017-3808 | high | 7.5 | 7.5 | 9y ago | A vulnerability in the Session Initiation Protocol (SIP) UDP throttling process of Cisco Unified Communications Manager (Cisco Unified CM) could allow an unauthenticated, remote attacker to cause a d… | |||
| CVE-2017-6919 | high | 7.5 | 7.5 | 9y ago | Drupal access control bypass vulnerability | |||
| CVE-2017-7978 | high | 7.5 | 7.5 | 9y ago | Samsung Android devices with L(5.0/5.1), M(6.0), and N(7.x) software allow attackers to obtain sensitive information by reading a world-readable log file after an unexpected reboot. The Samsung ID is… | |||
| CVE-2017-7963 | high | 7.5 | 7.5 | 9y ago | The GNU Multiple Precision Arithmetic Library (GMP) interfaces for PHP through 7.1.4 allow attackers to cause a denial of service (memory consumption and application crash) via operations on long str… | |||
| CVE-2017-5656 | high | 7.5 | 7.5 | 9y ago | Session Fixation in Apache CXF | |||
| CVE-2017-7645 | high | 7.5 | 7.5 | 9y ago | The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel through 4.10.11 allows remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c,… | |||
| CVE-2017-7892 | high | 7.5 | 7.5 | 9y ago | Sandstorm Cap'n Proto before 0.5.3.1 allows remote crashes related to a compiler optimization. A remote attacker can trigger a segfault in a 32-bit libcapnp application because Cap'n Proto relies on … | |||
| CVE-2017-5659 | high | 7.5 | 7.5 | 9y ago | Apache Traffic Server before 6.2.1 generates a coredump when there is a mismatch between content length and chunked encoding. | |||
| CVE-2017-5650 | high | 7.5 | 7.5 | 9y ago | In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the handling of an HTTP/2 GOAWAY frame for a connection did not close streams associated with that connection that were currently waiting f… | |||
| CVE-2017-5647 | high | 7.5 | 7.5 | 9y ago | A bug in the handling of the pipelined requests in Apache Tomcat 9.0.0.M1 to 9.0.0.M18, 8.5.0 to 8.5.12, 8.0.0.RC1 to 8.0.42, 7.0.0 to 7.0.76, and 6.0.0 to 6.0.52, when send file was used, results in… | |||
| CVE-2017-7879 | high | 7.5 | 7.5 | 9y ago | SQL Injection vulnerability in flatCore version 1.4.6 allows an attacker to read the content database. | |||
| CVE-2017-7696 | high | 7.5 | 7.5 | 9y ago | SAP AS JAVA SSO Authentication Library 2.0 through 3.0 allow remote attackers to cause a denial of service (memory consumption) via large values in the width and height parameters to otp_logon_ui_res… | |||
| CVE-2017-7408 | high | 7.5 | 7.5 | 9y ago | Palo Alto Networks Traps ESM Console before 3.4.4 allows attackers to cause a denial of service by leveraging improper validation of requests to revoke a Traps agent license. | |||
| CVE-2017-7869 | high | 7.5 | 7.5 | 9y ago | GnuTLS before 2017-02-20 has an out-of-bounds write caused by an integer overflow and heap-based buffer overflow related to the cdk_pkt_read function in opencdk/read-packet.c. This issue (which is a … | |||
| CVE-2017-7868 | high | 7.5 | 7.5 | 9y ago | International Components for Unicode (ICU) for C/C++ before 2017-02-13 has an out-of-bounds write caused by a heap-based buffer overflow related to the utf8TextAccess function in common/utext.cpp and… | |||
| CVE-2017-7867 | high | 7.5 | 7.5 | 9y ago | International Components for Unicode (ICU) for C/C++ before 2017-02-13 has an out-of-bounds write caused by a heap-based buffer overflow related to the utf8TextAccess function in common/utext.cpp and… | |||
| CVE-2017-7853 | high | 7.5 | 7.5 | 9y ago | In libosip2 in GNU oSIP 4.1.0 and 5.0.0, a malformed SIP message can lead to a heap buffer overflow in the msg_osip_body_parse() function defined in osipparser2/osip_message_parse.c, resulting in a r… | |||
| CVE-2017-7748 | high | 7.5 | 7.5 | 9y ago | In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the WSP dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/pac… | |||
| CVE-2017-7747 | high | 7.5 | 7.5 | 9y ago | In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the PacketBB dissector could crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-packetbb.c… | |||
| CVE-2017-7746 | high | 7.5 | 7.5 | 9y ago | In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the SLSK dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/pa… |