Total
5678 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-14903 | 1 Google | 1 Android | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing the SENDACTIONFRAME IOCTL, a buffer over-read can occur if the payload length is less than 7. | |||||
CVE-2017-15045 | 1 Lame Project | 1 Lame | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
LAME 3.99, 3.99.1, 3.99.2, 3.99.3, 3.99.4, 3.99.5, 3.98.4, 3.98.2 and 3.98 has a heap-based buffer over-read in fill_buffer in libmp3lame/util.c, related to lame_encode_buffer_sample_t in libmp3lame/lame.c, a different vulnerability than CVE-2017-9410. | |||||
CVE-2017-16573 | 1 Foxitsoftware | 1 Foxit Reader | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of LZWDecode filters. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5078. | |||||
CVE-2017-5088 | 5 Apple, Google, Linux and 2 more | 8 Macos, Android, Chrome and 5 more | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
Insufficient validation of untrusted input in V8 in Google Chrome prior to 59.0.3071.104 for Mac, Windows, and Linux, and 59.0.3071.117 for Android, allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. | |||||
CVE-2017-9782 | 1 Jasper Project | 1 Jasper | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
JasPer 2.0.12 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted image, related to the jp2_decode function in libjasper/jp2/jp2_dec.c. | |||||
CVE-2017-12987 | 3 Debian, Redhat, Tcpdump | 5 Debian Linux, Enterprise Linux Desktop, Enterprise Linux Server and 2 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
The IEEE 802.11 parser in tcpdump before 4.9.2 has a buffer over-read in print-802_11.c:parse_elements(). | |||||
CVE-2017-14407 | 1 Mp3gain | 1 Mp3gain | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
A stack-based buffer over-read was discovered in filterYule in gain_analysis.c in MP3Gain version 1.5.2. The vulnerability causes an application crash, which leads to remote denial of service. | |||||
CVE-2017-11116 | 1 Openexif Project | 1 Openexif | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
The ExifImageFile::readDQT function in ExifImageFileRead.cpp in OpenExif 2.1.4 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted jpg file. | |||||
CVE-2017-13036 | 1 Tcpdump | 1 Tcpdump | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
The OSPFv3 parser in tcpdump before 4.9.2 has a buffer over-read in print-ospf6.c:ospf6_decode_v3(). | |||||
CVE-2017-12958 | 1 Gnu | 1 Pspp | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
There is an illegal address access in the function output_hex() in data/data-out.c of the libpspp library in GNU PSPP before 1.0.1 that will lead to remote denial of service. | |||||
CVE-2017-12901 | 1 Tcpdump | 1 Tcpdump | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
The EIGRP parser in tcpdump before 4.9.2 has a buffer over-read in print-eigrp.c:eigrp_print(). | |||||
CVE-2017-6264 | 1 Linux | 1 Linux Kernel | 2023-12-10 | 9.3 HIGH | 7.8 HIGH |
An elevation of privilege vulnerability exists in the NVIDIA GPU driver (gm20b_clk_throt_set_cdev_state), where an out of bound memory read is used as a function pointer could lead to code execution in the kernel.This issue is rated as high because it could allow a local malicious application to execute arbitrary code within the context of a privileged process. Product: Android. Version: N/A. Android ID: A-34705430. References: N-CVE-2017-6264. | |||||
CVE-2017-8199 | 1 Huawei | 6 Max Presence, Max Presence Firmware, Tp3106 and 3 more | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
MAX PRESENCE V100R001C00, TP3106 V100R002C00, TP3206 V100R002C00 have an out-of-bounds read vulnerability in H323 protocol. An attacker logs in to the system as a user and send crafted packets to the affected products. Due to insufficient verification of the packets, successful exploit will cause process reboot. | |||||
CVE-2017-11661 | 1 Mindwerks | 1 Wildmidi | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
The _WM_SetupMidiEvent function in internal_midi.c:2318 in WildMIDI 0.4.2 can cause a denial of service (invalid memory read and application crash) via a crafted mid file. | |||||
CVE-2017-10987 | 1 Freeradius | 1 Freeradius | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
An FR-GV-304 issue in FreeRADIUS 3.x before 3.0.15 allows "DHCP - Buffer over-read in fr_dhcp_decode_suboptions()" and a denial of service. | |||||
CVE-2017-13017 | 1 Tcpdump | 1 Tcpdump | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
The DHCPv6 parser in tcpdump before 4.9.2 has a buffer over-read in print-dhcp6.c:dhcp6opt_print(). | |||||
CVE-2017-9204 | 1 Entropymine | 1 Imageworsener | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
The iw_get_ui16le function in imagew-util.c:405:23 in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (invalid read and SEGV) via a crafted image, related to imagew-jpeg.c. | |||||
CVE-2017-15931 | 1 Radare | 1 Radare2 | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
In radare2 2.0.1, an integer exception (negative number leading to an invalid memory access) exists in store_versioninfo_gnu_verneed() in libr/bin/format/elf/elf.c via crafted ELF files on 32bit systems. | |||||
CVE-2017-13029 | 1 Tcpdump | 1 Tcpdump | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
The PPP parser in tcpdump before 4.9.2 has a buffer over-read in print-ppp.c:print_ccp_config_options(). | |||||
CVE-2017-17503 | 2 Debian, Graphicsmagick | 2 Debian Linux, Graphicsmagick | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
ReadGRAYImage in coders/gray.c in GraphicsMagick 1.3.26 has a magick/import.c ImportGrayQuantumType heap-based buffer over-read via a crafted file. |