Total
5812 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-11668 | 1 Eapmd5pass Project | 1 Eapmd5pass | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
An out-of-bounds read flaw related to the assess_packet function in eapmd5pass.c:134 was found in the way eapmd5pass 1.4 handled processing of network packets. A remote attacker could potentially use this flaw to crash the eapmd5pass process under certain circumstances by generating specially crafted network traffic. | |||||
CVE-2017-7668 | 6 Apache, Apple, Debian and 3 more | 13 Http Server, Mac Os X, Debian Linux and 10 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows ap_find_token() to search past the end of its input string. By maliciously crafting a sequence of request headers, an attacker may be able to cause a segmentation fault, or to force ap_find_token() to return an incorrect value. | |||||
CVE-2015-9099 | 1 Lame Project | 1 Lame | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
The lame_init_params function in lame.c in libmp3lame.a in LAME 3.99.5 allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted audio file with a negative sample rate. | |||||
CVE-2017-9870 | 1 Lame Project | 1 Lame | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
The III_i_stereo function in layer3.c in mpglib, as used in libmpgdecoder.a in LAME 3.99.5 and other products, allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted audio file that is mishandled in the code for the "block_type == 2" case, a similar issue to CVE-2017-11126. | |||||
CVE-2017-16808 | 1 Tcpdump | 1 Tcpdump | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
tcpdump before 4.9.3 has a heap-based buffer over-read related to aoe_print in print-aoe.c and lookup_emem in addrtoname.c. | |||||
CVE-2017-11341 | 1 Libsass | 1 Libsass | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
There is a heap based buffer over-read in lexer.hpp of LibSass 3.4.5. A crafted input will lead to a remote denial of service attack. | |||||
CVE-2017-15228 | 1 Irssi | 1 Irssi | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Irssi before 1.0.5, when installing themes with unterminated colour formatting sequences, may access data beyond the end of the string. | |||||
CVE-2017-17081 | 1 Ffmpeg | 1 Ffmpeg | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
The gmc_mmx function in libavcodec/x86/mpegvideodsp.c in FFmpeg 2.3 and 3.4 does not properly validate widths and heights, which allows remote attackers to cause a denial of service (integer signedness error and out-of-array read) via a crafted MPEG file. | |||||
CVE-2017-6418 | 1 Clamav | 1 Clamav | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
libclamav/message.c in ClamAV 0.99.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted e-mail message. | |||||
CVE-2017-9726 | 2 Artifex, Debian | 2 Ghostscript Ghostxps, Debian Linux | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
The Ins_MDRP function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document. | |||||
CVE-2017-13005 | 1 Tcpdump | 1 Tcpdump | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
The NFS parser in tcpdump before 4.9.2 has a buffer over-read in print-nfs.c:xid_map_enter(). | |||||
CVE-2017-13018 | 1 Tcpdump | 1 Tcpdump | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
The PGM parser in tcpdump before 4.9.2 has a buffer over-read in print-pgm.c:pgm_print(). | |||||
CVE-2017-14731 | 1 Libofx Project | 1 Libofx | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
ofx_proc_file in ofx_preproc.cpp in LibOFX 0.9.12 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file, as demonstrated by an ofxdump call. | |||||
CVE-2017-13044 | 1 Tcpdump | 1 Tcpdump | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
The HNCP parser in tcpdump before 4.9.2 has a buffer over-read in print-hncp.c:dhcpv4_print(). | |||||
CVE-2017-12452 | 1 Gnu | 1 Binutils | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
The bfd_mach_o_i386_canonicalize_one_reloc function in bfd/mach-o-i386.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted mach-o file. | |||||
CVE-2017-14408 | 1 Mp3gain | 1 Mp3gain | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
A stack-based buffer over-read was discovered in dct36 in layer3.c in mpglibDBL, as used in MP3Gain version 1.5.2. The vulnerability causes an application crash, which leads to remote denial of service. | |||||
CVE-2017-12993 | 1 Tcpdump | 1 Tcpdump | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
The Juniper protocols parser in tcpdump before 4.9.2 has a buffer over-read in print-juniper.c, several functions. | |||||
CVE-2017-11367 | 1 Shoco Project | 1 Shoco | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
The shoco_decompress function in the API in shoco through 2017-07-17 allows remote attackers to cause a denial of service (buffer over-read and application crash) via malformed compressed data. | |||||
CVE-2017-14034 | 1 Libbpg Project | 1 Libbpg | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
The restore_tqb_pixels function in hevc_filter.c in libavcodec, as used in libbpg 0.9.7 and other products, miscalculates a memcpy destination address, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact. | |||||
CVE-2017-17125 | 1 Gnu | 1 Binutils | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
nm.c and objdump.c in GNU Binutils 2.29.1 mishandle certain global symbols, which allows remote attackers to cause a denial of service (_bfd_elf_get_symbol_version_string buffer over-read and application crash) or possibly have unspecified other impact via a crafted ELF file. |