CVEs from 2017
- Total: 11,613
- critical: 1,650
- high: 5,043
- medium: 4,169
- low: 159
- % Critical: 14.2%
- % with KEV: 0.7%
- % with exploit: 9.9%
Top vendors
Top products
- imagemagick 1,426
- joomla! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-2711 | medium | 5.5 | 5.5 | 9y ago | P9 Plus smartphones with software earlier than VIE-AL10C00B352 versions have an input validation vulnerability in the touchscreen Driver. An attacker can trick a user into installing a malicious app… | |||
| CVE-2017-2709 | medium | 5.5 | 5.5 | 9y ago | HiGame with software earlier than 7.3.0 versions, SkyTone with software earlier than 8.1.1 versions have a DoS Vulnerability. An attacker tricks a user into installing a malicious application on the … | |||
| CVE-2017-2695 | medium | 5.5 | 5.5 | 9y ago | TIT-AL00C583B211 has a directory traversal vulnerability which allows an attacker to obtain the files in email application. | |||
| CVE-2017-2690 | medium | 5.5 | 5.5 | 9y ago | SoftCo with software V200R003C20,eSpace U1910 with software V200R003C00, V200R003C20 and V200R003C30,eSpace U1911 with software V200R003C20, V200R003C30,eSpace U1930 with software V200R003C20 and V20… | |||
| CVE-2017-12193 | medium | 5.5 | 5.5 | 9y ago | The assoc_array_insert_into_terminal_node function in lib/assoc_array.c in the Linux kernel before 4.13.11 mishandles node splitting, which allows local users to cause a denial of service (NULL point… | |||
| CVE-2017-3157 | medium | 5.5 | 5.5 | 9y ago | By exploiting the way Apache OpenOffice before 4.1.4 renders embedded objects, an attacker could craft a document that allows reading in a file from the user's filesystem. Information could be retrie… | |||
| CVE-2017-16898 | medium | 5.5 | 5.5 | 9y ago | The printMP3Headers function in util/listmp3.c in libming v0.4.8 or earlier is vulnerable to a global buffer overflow, which may allow attackers to cause a denial of service via a crafted file, a dif… | |||
| CVE-2017-1000128 | medium | 5.5 | 5.5 | 9y ago | Exiv2 0.26 contains a stack out of bounds read in JPEG2000 parser | |||
| CVE-2017-1000127 | medium | 5.5 | 5.5 | 9y ago | Exiv2 0.26 contains a heap buffer overflow in tiff parser | |||
| CVE-2017-1000126 | medium | 5.5 | 5.5 | 9y ago | exiv2 0.26 contains a Stack out of bounds read in webp parser | |||
| CVE-2017-10888 | medium | 5.5 | 5.5 | 9y ago | BOOK WALKER for Windows Ver.1.2.9 and earlier, BOOK WALKER for Mac Ver.1.2.5 and earlier allow an attacker to access local files via unspecified vectors. | |||
| CVE-2017-16868 | medium | 5.5 | 5.5 | 9y ago | In SWFTools 0.9.2, the wav_convert2mono function in lib/wav.c does not properly restrict a multiplication within a malloc call, which allows remote attackers to cause a denial of service (integer ove… | |||
| CVE-2017-1000201 | medium | 5.5 | 5.5 | 9y ago | The tcmu-runner daemon in tcmu-runner version 1.0.5 to 1.2.0 is vulnerable to a local denial of service attack | |||
| CVE-2017-1000186 | medium | 5.5 | 5.5 | 9y ago | In SWFTools, a stack overflow was found in pdf2swf. | |||
| CVE-2017-1000185 | medium | 5.5 | 5.5 | 9y ago | In SWFTools, a memcpy buffer overflow was found in gif2swf. | |||
| CVE-2017-1000182 | medium | 5.5 | 5.5 | 9y ago | In SWFTools, a memory leak was found in wav2swf. | |||
| CVE-2017-1000176 | medium | 5.5 | 5.5 | 9y ago | In SWFTools, a memcpy buffer overflow was found in swfc. | |||
| CVE-2017-1000174 | medium | 5.5 | 5.5 | 9y ago | In SWFTools, an address access exception was found in swfdump swf_GetBits(). | |||
| CVE-2017-15517 | medium | 5.5 | 5.5 | 9y ago | AltaVault OST Plug-in versions prior to 1.2.2 may allow attackers to obtain sensitive information via unspecified vectors. All users are urged to move to a fixed version and change passwords used by … | |||
| CVE-2017-11877 | medium | 5.5 | 5.5 | 9y ago | Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Compatibi… | |||
| CVE-2017-11853 | medium | 5.5 | 5.5 | 9y ago | Windows kernel in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT 8.1, Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, … | |||
| CVE-2017-11835 | medium | 5.5 | 5.5 | 9y ago | Microsoft graphics in Windows 7 SP1 and Windows Server 2008 SP2 and R2 SP1 allows an attacker to potentially read data that was not intended to be disclosed due to the way that the Microsoft Windows … | |||
| CVE-2017-7475 | medium | 5.5 | 5.5 | 9y ago | cairo is vulnerable to denial of service due to a null pointer dereference | |||
| CVE-2017-12624 | medium | 5.5 | 5.5 | 9y ago | Improper Input Validation in Apache CXF | |||
| CVE-2017-16808 | medium | 5.5 | 5.5 | 9y ago | tcpdump before 4.9.3 has a heap-based buffer over-read related to aoe_print in print-aoe.c and lookup_emem in addrtoname.c. | |||
| CVE-2017-16805 | medium | 5.5 | 5.5 | 9y ago | In radare2 2.0.1, libr/bin/dwarf.c allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted ELF file, related to r_bin_dwarf_parse_comp_unit in dwarf.c … | |||
| CVE-2017-8806 | medium | 5.5 | 5.5 | 9y ago | The Debian pg_ctlcluster, pg_createcluster, and pg_upgradecluster scripts, as distributed in the Debian postgresql-common package before 181+deb9u1 for PostgreSQL (and other packages related to Debia… | |||
| CVE-2017-7113 | medium | 5.5 | 5.5 | 9y ago | An issue was discovered in certain Apple products. iOS before 11.1 is affected. The issue involves the "UIKit" component. It allows attackers to bypass intended read restrictions for secure text fiel… | |||
| CVE-2017-13842 | medium | 5.5 | 5.5 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a c… | |||
| CVE-2017-13841 | medium | 5.5 | 5.5 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a c… | |||
| CVE-2017-13840 | medium | 5.5 | 5.5 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a c… | |||
| CVE-2017-13836 | medium | 5.5 | 5.5 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a c… | |||
| CVE-2017-13828 | medium | 5.5 | 5.5 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Fonts" component. It allows remote attackers to spoof the user interface via crafted text. | |||
| CVE-2017-13823 | medium | 5.5 | 5.5 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "QuickTime" component. It allows attackers to bypass intended memory-read restrictions via … | |||
| CVE-2017-13822 | medium | 5.5 | 5.5 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Quick Look" component. It allows attackers to bypass intended memory-read restrictions via… | |||
| CVE-2017-13821 | medium | 5.5 | 5.5 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "CFString" component. It allows attackers to bypass intended memory-read restrictions via a… | |||
| CVE-2017-13818 | medium | 5.5 | 5.5 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a c… | |||
| CVE-2017-13817 | medium | 5.5 | 5.5 | 9y ago | An out-of-bounds read issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Kernel" component. It allows local users to bypass intended memory-read… | |||
| CVE-2017-13810 | medium | 5.5 | 5.5 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Kernel" component. It allows local users to obtain sensitive information by leveraging an … | |||
| CVE-2017-13804 | medium | 5.5 | 5.5 | 9y ago | An issue was discovered in certain Apple products. iOS before 11.1 is affected. macOS before 10.13.1 is affected. tvOS before 11.1 is affected. watchOS before 4.1 is affected. The issue involves the … | |||
| CVE-2017-13782 | medium | 5.5 | 5.5 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a /… | |||
| CVE-2017-16794 | medium | 5.5 | 5.5 | 9y ago | The png_load function in lib/png.c in SWFTools 0.9.2 does not properly validate a multiplication of width and bits-per-pixel values, which allows remote attackers to cause a denial of service (heap-b… | |||
| CVE-2017-16711 | medium | 5.5 | 5.5 | 9y ago | The swf_DefineLosslessBitsTagToImage function in lib/modules/swfbits.c in SWFTools 0.9.2 mishandles an uncompress failure, which allows remote attackers to cause a denial of service (NULL pointer der… | |||
| CVE-2017-16663 | medium | 5.5 | 5.5 | 9y ago | In sam2p 0.49.4, there are integer overflows (with resultant heap-based buffer overflows) in input-bmp.ci in the function ReadImage, because "width * height" multiplications occur unsafely. | |||
| CVE-2017-13680 | medium | 5.5 | 5.5 | 9y ago | Prior to SEP 12.1 RU6 MP9 & SEP 14 RU1 Symantec Endpoint Protection Windows endpoint can encounter a situation whereby an attacker could use the product's UI to perform unauthorized file deletes on t… | |||
| CVE-2017-14025 | medium | 5.5 | 5.5 | 9y ago | An Improper Input Validation issue was discovered in ABB FOX515T release 1.0. An improper input validation vulnerability has been identified, allowing a local attacker to provide a malicious paramete… | |||
| CVE-2017-15306 | medium | 5.5 | 5.5 | 9y ago | The kvm_vm_ioctl_check_extension function in arch/powerpc/kvm/powerpc.c in the Linux kernel before 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) … | |||
| CVE-2017-16359 | medium | 5.5 | 5.5 | 9y ago | In radare 2.0.1, a pointer wraparound vulnerability exists in store_versioninfo_gnu_verdef() in libr/bin/format/elf/elf.c. | |||
| CVE-2017-1000383 | medium | 5.5 | 5.5 | 9y ago | GNU Emacs version 25.3.1 (and other versions most likely) ignores umask when creating a backup save file ("[ORIGINAL_FILENAME]~") resulting in files that may be world readable or otherwise accessible… | |||
| CVE-2017-1000382 | medium | 5.5 | 5.5 | 9y ago | VIM version 8.0.1187 (and other versions most likely) ignores umask when creating a swap file ("[ORIGINAL_FILENAME].swp") resulting in files that may be world readable or otherwise accessible in ways… | |||
| CVE-2017-1000255 | medium | 5.5 | 5.5 | 9y ago | On Linux running on PowerPC hardware (Power8 or later) a user process can craft a signal frame and then do a sigreturn so that the kernel will take an exception (interrupt), and use the r1 value *fro… | |||
| CVE-2017-15955 | medium | 5.5 | 5.5 | 9y ago | bchunk (related to BinChunker) 1.2.0 and 1.2.1 is vulnerable to an "Access violation near NULL on destination operand" and crash when processing a malformed CUE (.cue) file. | |||
| CVE-2017-15954 | medium | 5.5 | 5.5 | 9y ago | bchunk (related to BinChunker) 1.2.0 and 1.2.1 is vulnerable to a heap-based buffer overflow (with a resultant invalid free) and crash when processing a malformed CUE (.cue) file. | |||
| CVE-2017-15953 | medium | 5.5 | 5.5 | 9y ago | bchunk (related to BinChunker) 1.2.0 and 1.2.1 is vulnerable to a heap-based buffer overflow and crash when processing a malformed CUE (.cue) file. | |||
| CVE-2017-15939 | medium | 5.5 | 5.5 | 9y ago | dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles NULL files in a .debug_line file table, which allows remote attackers to cause a den… | |||
| CVE-2017-5082 | medium | 5.5 | 5.5 | 9y ago | multiple issues in chromium | |||
| CVE-2017-15922 | medium | 5.5 | 5.5 | 9y ago | In GNU Libextractor 1.4, there is an out-of-bounds read in the EXTRACTOR_dvi_extract_method function in plugins/dvi_extractor.c. | |||
| CVE-2017-15873 | medium | 5.5 | 5.5 | 9y ago | The get_next_block function in archival/libarchive/decompress_bunzip2.c in BusyBox 1.27.2 has an Integer Overflow that may lead to a write access violation. | |||
| CVE-2017-7150 | medium | 5.5 | 5.5 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.13 Supplemental Update is affected. The issue involves the "Security" component. It allows attackers to bypass the keychain access p… | |||
| CVE-2017-7143 | medium | 5.5 | 5.5 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "Captive Network Assistant" component. It allows remote attackers to discover cleartext passw… | |||
| CVE-2017-7131 | medium | 5.5 | 5.5 | 9y ago | An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "Bluetooth" component. It allows attackers to obtain sensitive Contact card information via a craf… | |||
| CVE-2017-7119 | medium | 5.5 | 5.5 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "IOFireWireFamily" component. It allows attackers to bypass intended memory-read restrictions… | |||
| CVE-2017-7118 | medium | 5.5 | 5.5 | 9y ago | An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "Messages" component. It allows remote attackers to cause a denial of service (crash) via a crafte… | |||
| CVE-2017-7097 | medium | 5.5 | 5.5 | 9y ago | An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "Mail MessageUI" component. It allows attackers to cause a denial of service (memory corruption) v… | |||
| CVE-2017-7079 | medium | 5.5 | 5.5 | 9y ago | An issue was discovered in certain Apple products. iTunes before 12.7 is affected. The issue involves the "Data Sync" component. It allows attackers to access iOS backups (written by iTunes) via a cr… | |||
| CVE-2017-7074 | medium | 5.5 | 5.5 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "AppSandbox" component. It allows attackers to cause a denial of service via a crafted app. | |||
| CVE-2017-7072 | medium | 5.5 | 5.5 | 9y ago | An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "iBooks" component. It allows remote attackers to cause a denial of service (persistent outage) vi… | |||
| CVE-2017-15642 | medium | 5.5 | 5.5 | 9y ago | In lsx_aiffstartread in aiff.c in Sound eXchange (SoX) 14.4.2, there is a Use-After-Free vulnerability triggered by supplying a malformed AIFF file. | |||
| CVE-2017-12286 | medium | 5.5 | 5.5 | 9y ago | A vulnerability in the web interface of Cisco Jabber could allow an authenticated, local attacker to retrieve user profile information from the affected software, which could lead to the disclosure o… | |||
| CVE-2017-12284 | medium | 5.5 | 5.5 | 9y ago | A vulnerability in the web interface of Cisco Jabber for Windows Client could allow an authenticated, local attacker to retrieve user profile information, which could lead to the disclosure of confid… | |||
| CVE-2017-15537 | medium | 5.5 | 5.5 | 9y ago | The x86/fpu (Floating Point Unit) subsystem in the Linux kernel before 4.13.5, when a processor supports the xsave feature but not the xsaves feature, does not correctly handle attempts to set reserv… | |||
| CVE-2017-15372 | medium | 5.5 | 5.5 | 9y ago | There is a stack-based buffer overflow in the lsx_ms_adpcm_block_expand_i function of adpcm.c in Sound eXchange (SoX) 14.4.2. A Crafted input will lead to a denial of service attack during conversion… | |||
| CVE-2017-15371 | medium | 5.5 | 5.5 | 9y ago | There is a reachable assertion abort in the function sox_append_comment() in formats.c in Sound eXchange (SoX) 14.4.2. A Crafted input will lead to a denial of service attack during conversion of an … | |||
| CVE-2017-15370 | medium | 5.5 | 5.5 | 9y ago | There is a heap-based buffer overflow in the ImaExpandS function of ima_rw.c in Sound eXchange (SoX) 14.4.2. A Crafted input will lead to a denial of service attack during conversion of an audio file. | |||
| CVE-2017-15299 | medium | 5.5 | 5.5 | 9y ago | The KEYS subsystem in the Linux kernel through 4.13.7 mishandles use of add_key for a key that already exists but is uninstantiated, which allows local users to cause a denial of service (NULL pointe… | |||
| CVE-2017-15298 | medium | 5.5 | 5.5 | 9y ago | Git through 2.14.2 mishandles layers of tree objects, which allows remote attackers to cause a denial of service (memory consumption) via a crafted repository, aka a Git bomb. This can also have an i… | |||
| CVE-2017-10613 | medium | 5.5 | 5.5 | 9y ago | A vulnerability in a specific loopback filter action command, processed in a specific logical order of operation, in a running configuration of Juniper Networks Junos OS, allows an attacker with CLI … | |||
| CVE-2017-8703 | medium | 5.5 | 5.5 | 9y ago | The Microsoft Windows Subsystem for Linux on Microsoft Windows 10 1703 allows a denial of service vulnerability when it improperly handles objects in memory, aka "Windows Subsystem for Linux Denial o… | |||
| CVE-2017-8693 | medium | 5.5 | 5.5 | 9y ago | The Microsoft Graphics Component on Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability in the way it handles objects in memory, ak… | |||
| CVE-2017-11829 | medium | 5.5 | 5.5 | 9y ago | Microsoft Windows 10 allows an elevation of privilege vulnerability when the Windows Update Delivery Optimization does not properly enforce file share permissions. | |||
| CVE-2017-11816 | medium | 5.5 | 5.5 | 9y ago | The Microsoft Windows Graphics Device Interface (GDI) on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 15… | |||
| CVE-2017-11814 | medium | 5.5 | 5.5 | 9y ago | The Microsoft Windows Kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1… | |||
| CVE-2017-11784 | medium | 5.5 | 5.5 | 9y ago | The Microsoft Windows Kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, allows an inf… | |||
| CVE-2017-11765 | medium | 5.5 | 5.5 | 9y ago | The Microsoft Windows Kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1… | |||
| CVE-2017-15280 | medium | 5.5 | 5.5 | 9y ago | Umbraco CMS XXE Vulnerability | |||
| CVE-2017-15274 | medium | 5.5 | 5.5 | 9y ago | security/keys/keyctl.c in the Linux kernel before 4.11.5 does not consider the case of a NULL payload in conjunction with a nonzero length value, which allows local users to cause a denial of service… | |||
| CVE-2017-12192 | medium | 5.5 | 5.5 | 9y ago | The keyctl_read_key function in security/keys/keyctl.c in the Key Management subcomponent in the Linux kernel before 4.13.5 does not properly consider that a key may be possessed but negatively insta… | |||
| CVE-2017-15266 | medium | 5.5 | 5.5 | 9y ago | In GNU Libextractor 1.4, there is a Divide-By-Zero in EXTRACTOR_wav_extract_method in wav_extractor.c via a zero sample rate. | |||
| CVE-2017-15225 | medium | 5.5 | 5.5 | 9y ago | _bfd_dwarf2_cleanup_debug_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (memory … | |||
| CVE-2017-14971 | medium | 5.5 | 5.5 | 9y ago | Infocus Mondopad 2.2.08 is vulnerable to a Hashed Credential Disclosure vulnerability. The attacker provides a crafted Microsoft Office document containing a link that has a UNC pathname associated w… | |||
| CVE-2017-15046 | medium | 5.5 | 5.5 | 9y ago | LAME 3.99.5, 3.99.4, 3.98.4, 3.98.2, 3.98 and 3.97 have a stack-based buffer overflow in unpack_read_samples in frontend/get_audio.c, a different vulnerability than CVE-2017-9412. | |||
| CVE-2017-15045 | medium | 5.5 | 5.5 | 9y ago | LAME 3.99, 3.99.1, 3.99.2, 3.99.3, 3.99.4, 3.99.5, 3.98.4, 3.98.2 and 3.98 has a heap-based buffer over-read in fill_buffer in libmp3lame/util.c, related to lame_encode_buffer_sample_t in libmp3lame/… | |||
| CVE-2017-1301 | medium | 5.5 | 5.5 | 9y ago | IBM Spectrum Protect 7.1 and 8.1 could allow a local attacker to launch a symlink attack. IBM Spectrum Protect Backup-archive Client creates temporary files insecurely. A local attacker could exploit… | |||
| CVE-2017-15025 | medium | 5.5 | 5.5 | 9y ago | decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (divide-by-zero error … | |||
| CVE-2017-15024 | medium | 5.5 | 5.5 | 9y ago | find_abstract_instance_name in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite r… | |||
| CVE-2017-15023 | medium | 5.5 | 5.5 | 9y ago | read_formatted_entries in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, does not properly validate the format count, which allows remote atta… | |||
| CVE-2017-15022 | medium | 5.5 | 5.5 | 9y ago | dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, does not validate the DW_AT_name data type, which allows remote attackers to cause a denial of … | |||
| CVE-2017-15021 | medium | 5.5 | 5.5 | 9y ago | bfd_get_debug_link_info_1 in opncls.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (heap-based b… | |||
| CVE-2017-15018 | medium | 5.5 | 5.5 | 9y ago | LAME 3.99.5, 3.99.4, 3.99.3, 3.99.2, 3.99.1, 3.99, 3.98.4, 3.98.2 and 3.98 have a heap-based buffer over-read when handling a malformed file in k_34_4 in vbrquantize.c. | |||
| CVE-2017-1000113 | medium | 5.5 | 5.5 | 9y ago | Jenkins Deploy to container Plugin stored plain text passwords in job configuration | |||