Search
Total
49350 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-15309 | 1 Huawei | 1 Ireader | 2018-01-05 | 5.8 MEDIUM | 7.1 HIGH |
| Huawei iReader app before 8.0.2.301 has a path traversal vulnerability due to insufficient validation on file storage paths. An attacker can exploit this vulnerability to store downloaded malicious files in an arbitrary directory. | |||||
| CVE-2017-15308 | 1 Huawei | 1 Ireader | 2018-01-05 | 6.8 MEDIUM | 8.8 HIGH |
| Huawei iReader app before 8.0.2.301 has an input validation vulnerability due to insufficient validation on the URL used for loading network data. An attacker can control app access and load malicious websites created by the attacker, and the code in webpages would be loaded and run. | |||||
| CVE-2017-15316 | 1 Huawei | 4 Mate 9, Mate 9 Firmware, Mate 9 Pro and 1 more | 2018-01-05 | 9.3 HIGH | 7.8 HIGH |
| The GPU driver of Mate 9 Huawei smart phones with software before MHA-AL00B 8.0.0.334(C00) and Mate 9 Pro Huawei smart phones with software before LON-AL00B 8.0.0.334(C00) has a memory double free vulnerability. An attacker tricks a user into installing a malicious application, and the application can call special API, which triggers double free and causes a system crash or arbitrary code execution. | |||||
| CVE-2017-6132 | 1 F5 | 11 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 8 more | 2018-01-05 | 5.0 MEDIUM | 7.5 HIGH |
| In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and Websafe software version 13.0.0, 12.0.0 to 12.1.2, 11.6.0 to 11.6.1 and 11.5.0 - 11.5.4, an undisclosed sequence of packets sent to BIG-IP High Availability state mirror listeners (primary and/or secondary IP) may cause TMM to restart. | |||||
| CVE-2017-6138 | 1 F5 | 11 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 8 more | 2018-01-05 | 5.0 MEDIUM | 7.5 HIGH |
| In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and WebSafe software version 13.0.0 and 12.1.0 - 12.1.2, malicious requests made to virtual servers with an HTTP profile can cause the TMM to restart. The issue is exposed with BIG-IP APM profiles, regardless of settings. The issue is also exposed with the non-default "normalize URI" configuration options used in iRules and/or BIG-IP LTM policies. | |||||
| CVE-2017-15700 | 1 Apache | 1 Sling Authentication Service | 2018-01-05 | 4.3 MEDIUM | 8.8 HIGH |
| A flaw in the org.apache.sling.auth.core.AuthUtil#isRedirectValid method in Apache Sling Authentication Service 1.4.0 allows an attacker, through the Sling login form, to trick a victim to send over their credentials. | |||||
| CVE-2016-9083 | 1 Linux | 1 Linux Kernel | 2018-01-05 | 7.2 HIGH | 7.8 HIGH |
| drivers/vfio/pci/vfio_pci.c in the Linux kernel through 4.8.11 allows local users to bypass integer overflow checks, and cause a denial of service (memory corruption) or have unspecified other impact, by leveraging access to a vfio PCI device file for a VFIO_DEVICE_SET_IRQS ioctl call, aka a "state machine confusion bug." | |||||
| CVE-2016-9084 | 1 Linux | 1 Linux Kernel | 2018-01-05 | 4.6 MEDIUM | 7.8 HIGH |
| drivers/vfio/pci/vfio_pci_intrs.c in the Linux kernel through 4.8.11 misuses the kzalloc function, which allows local users to cause a denial of service (integer overflow) or have unspecified other impact by leveraging access to a vfio PCI device file. | |||||
| CVE-2016-8666 | 1 Linux | 1 Linux Kernel | 2018-01-05 | 7.8 HIGH | 7.5 HIGH |
| The IP stack in the Linux kernel before 4.6 allows remote attackers to cause a denial of service (stack consumption and panic) or possibly have unspecified other impact by triggering use of the GRO path for packets with tunnel stacking, as demonstrated by interleaved IPv4 headers and GRE headers, a related issue to CVE-2016-7039. | |||||
| CVE-2016-9793 | 1 Linux | 1 Linux Kernel | 2018-01-05 | 7.2 HIGH | 7.8 HIGH |
| The sock_setsockopt function in net/core/sock.c in the Linux kernel before 4.8.14 mishandles negative values of sk_sndbuf and sk_rcvbuf, which allows local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability for a crafted setsockopt system call with the (1) SO_SNDBUFFORCE or (2) SO_RCVBUFFORCE option. | |||||
| CVE-2016-5652 | 1 Libtiff | 1 Libtiff | 2018-01-05 | 6.8 MEDIUM | 7.0 HIGH |
| An exploitable heap-based buffer overflow exists in the handling of TIFF images in LibTIFF's TIFF2PDF tool. A crafted TIFF document can lead to a heap-based buffer overflow resulting in remote code execution. Vulnerability can be triggered via a saved TIFF file delivered by other means. | |||||
| CVE-2016-9794 | 1 Linux | 1 Linux Kernel | 2018-01-05 | 7.2 HIGH | 7.8 HIGH |
| Race condition in the snd_pcm_period_elapsed function in sound/core/pcm_lib.c in the ALSA subsystem in the Linux kernel before 4.7 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted SNDRV_PCM_TRIGGER_START command. | |||||
| CVE-2016-9177 | 1 Sparkjava | 1 Spark | 2018-01-05 | 5.0 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability in Spark 2.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI. | |||||
| CVE-2016-7543 | 2 Fedoraproject, Gnu | 2 Fedora, Bash | 2018-01-05 | 7.2 HIGH | 8.4 HIGH |
| Bash before 4.4 allows local users to execute arbitrary commands with root privileges via crafted SHELLOPTS and PS4 environment variables. | |||||
| CVE-2016-7444 | 1 Gnu | 1 Gnutls | 2018-01-05 | 5.0 MEDIUM | 7.5 HIGH |
| The gnutls_ocsp_resp_check_crt function in lib/x509/ocsp.c in GnuTLS before 3.4.15 and 3.5.x before 3.5.4 does not verify the serial length of an OCSP response, which might allow remote attackers to bypass an intended certificate validation mechanism via vectors involving trailing bytes left by gnutls_malloc. | |||||
| CVE-2017-5074 | 2 Google, Microsoft | 2 Chrome, Windows | 2018-01-05 | 5.4 MEDIUM | 8.0 HIGH |
| A use after free in Chrome Apps in Google Chrome prior to 59.0.3071.86 for Windows allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page, related to Bluetooth. | |||||
| CVE-2017-8291 | 1 Artifex | 1 Ghostscript | 2018-01-05 | 6.8 MEDIUM | 7.8 HIGH |
| Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass and remote command execution via .rsdparams type confusion with a "/OutputFile (%pipe%" substring in a crafted .eps document that is an input to the gs program, as exploited in the wild in April 2017. | |||||
| CVE-2017-2636 | 1 Linux | 1 Linux Kernel | 2018-01-05 | 7.2 HIGH | 7.8 HIGH |
| Race condition in drivers/tty/n_hdlc.c in the Linux kernel through 4.10.1 allows local users to gain privileges or cause a denial of service (double free) by setting the HDLC line discipline. | |||||
| CVE-2017-7869 | 1 Gnu | 1 Gnutls | 2018-01-05 | 5.0 MEDIUM | 7.5 HIGH |
| GnuTLS before 2017-02-20 has an out-of-bounds write caused by an integer overflow and heap-based buffer overflow related to the cdk_pkt_read function in opencdk/read-packet.c. This issue (which is a subset of the vendor's GNUTLS-SA-2017-3 report) is fixed in 3.5.10. | |||||
| CVE-2017-7507 | 1 Gnu | 1 Gnutls | 2018-01-05 | 5.0 MEDIUM | 7.5 HIGH |
| GnuTLS version 3.5.12 and earlier is vulnerable to a NULL pointer dereference while decoding a status response TLS extension with valid contents. This could lead to a crash of the GnuTLS server application. | |||||
| CVE-2017-7502 | 1 Mozilla | 1 Network Security Services | 2018-01-05 | 5.0 MEDIUM | 7.5 HIGH |
| Null pointer dereference vulnerability in NSS since 3.24.0 was found when server receives empty SSLv2 messages resulting into denial of service by remote attacker. | |||||
| CVE-2017-5032 | 2 Google, Microsoft | 2 Chrome, Windows | 2018-01-05 | 6.8 MEDIUM | 8.8 HIGH |
| PDFium in Google Chrome prior to 57.0.2987.98 for Windows could be made to increment off the end of a buffer, which allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. | |||||
| CVE-2017-5034 | 3 Google, Linux, Microsoft | 3 Chrome, Linux Kernel, Windows | 2018-01-05 | 6.8 MEDIUM | 8.8 HIGH |
| A use after free in PDFium in Google Chrome prior to 57.0.2987.98 for Linux and Windows allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file. | |||||
| CVE-2017-5055 | 3 Google, Linux, Microsoft | 3 Chrome, Linux Kernel, Windows | 2018-01-05 | 9.3 HIGH | 8.8 HIGH |
| A use after free in printing in Google Chrome prior to 57.0.2987.133 for Linux and Windows allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. | |||||
| CVE-2017-5058 | 2 Google, Microsoft | 2 Chrome, Windows | 2018-01-05 | 6.8 MEDIUM | 8.8 HIGH |
| A use after free in PrintPreview in Google Chrome prior to 58.0.3029.81 for Windows allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. | |||||
| CVE-2017-5064 | 2 Google, Microsoft | 2 Chrome, Windows | 2018-01-05 | 6.8 MEDIUM | 8.8 HIGH |
| Incorrect handling of DOM changes in Blink in Google Chrome prior to 58.0.3029.81 for Windows allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2017-5843 | 1 Gstreamer Project | 1 Gstreamer | 2018-01-05 | 5.0 MEDIUM | 7.5 HIGH |
| Multiple use-after-free vulnerabilities in the (1) gst_mini_object_unref, (2) gst_tag_list_unref, and (3) gst_mxf_demux_update_essence_tracks functions in GStreamer before 1.10.3 allow remote attackers to cause a denial of service (crash) via vectors involving stream tags, as demonstrated by 02785736.mxf. | |||||
| CVE-2017-5080 | 3 Google, Linux, Microsoft | 3 Chrome, Linux Kernel, Windows | 2018-01-05 | 6.8 MEDIUM | 8.8 HIGH |
| A use after free in credit card autofill in Google Chrome prior to 59.0.3071.86 for Linux and Windows allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. | |||||
| CVE-2017-5092 | 3 Debian, Google, Microsoft | 3 Debian Linux, Chrome, Windows | 2018-01-05 | 6.8 MEDIUM | 8.8 HIGH |
| Insufficient validation of untrusted input in PPAPI Plugins in Google Chrome prior to 60.0.3112.78 for Windows allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. | |||||
| CVE-2017-5097 | 3 Debian, Google, Linux | 3 Debian Linux, Chrome, Linux Kernel | 2018-01-05 | 6.8 MEDIUM | 8.8 HIGH |
| Insufficient validation of untrusted input in Skia in Google Chrome prior to 60.0.3112.78 for Linux allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. | |||||
| CVE-2017-5099 | 3 Debian, Google, Linux | 3 Debian Linux, Chrome, Linux Kernel | 2018-01-05 | 6.8 MEDIUM | 8.8 HIGH |
| Insufficient validation of untrusted input in PPAPI Plugins in Google Chrome prior to 60.0.3112.78 for Mac allowed a remote attacker to potentially gain privilege elevation via a crafted HTML page. | |||||
| CVE-2017-5884 | 2 Fedoraproject, Gnome | 2 Fedora, Gtk-vnc | 2018-01-05 | 6.8 MEDIUM | 7.8 HIGH |
| gtk-vnc before 0.7.0 does not properly check boundaries of subrectangle-containing tiles, which allows remote servers to execute arbitrary code via the src x, y coordinates in a crafted (1) rre, (2) hextile, or (3) copyrect tile. | |||||
| CVE-2017-5838 | 1 Gstreamer Project | 1 Gstreamer | 2018-01-05 | 5.0 MEDIUM | 7.5 HIGH |
| The gst_date_time_new_from_iso8601_string function in gst/gstdatetime.c in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a malformed datetime string. | |||||
| CVE-2017-7477 | 1 Linux | 1 Linux Kernel | 2018-01-05 | 6.9 MEDIUM | 7.0 HIGH |
| Heap-based buffer overflow in drivers/net/macsec.c in the MACsec module in the Linux kernel through 4.10.12 allows attackers to cause a denial of service or possibly have unspecified other impact by leveraging the use of a MAX_SKB_FRAGS+1 size in conjunction with the NETIF_F_FRAGLIST feature, leading to an error in the skb_to_sgvec function. | |||||
| CVE-2017-7533 | 1 Linux | 1 Linux Kernel | 2018-01-05 | 6.9 MEDIUM | 7.0 HIGH |
| Race condition in the fsnotify implementation in the Linux kernel through 4.12.4 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that leverages simultaneous execution of the inotify_handle_event and vfs_rename functions. | |||||
| CVE-2017-7484 | 1 Postgresql | 1 Postgresql | 2018-01-05 | 5.0 MEDIUM | 7.5 HIGH |
| It was found that some selectivity estimation functions in PostgreSQL before 9.2.21, 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3 did not check user privileges before providing information from pg_statistic, possibly leaking information. An unprivileged attacker could use this flaw to steal some information from tables they are otherwise not allowed to access. | |||||
| CVE-2017-5841 | 1 Gstreamer Project | 1 Gstreamer | 2018-01-05 | 5.0 MEDIUM | 7.5 HIGH |
| The gst_avi_demux_parse_ncdt function in gst/avi/gstavidemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds heap read) via vectors involving ncdt tags. | |||||
| CVE-2017-5495 | 1 Quagga | 1 Quagga | 2018-01-05 | 7.8 HIGH | 7.5 HIGH |
| All versions of Quagga, 0.93 through 1.1.0, are vulnerable to an unbounded memory allocation in the telnet 'vty' CLI, leading to a Denial-of-Service of Quagga daemons, or even the entire host. When Quagga daemons are configured with their telnet CLI enabled, anyone who can connect to the TCP ports can trigger this vulnerability, prior to authentication. Most distributions restrict the Quagga telnet interface to local access only by default. The Quagga telnet interface 'vty' input buffer grows automatically, without bound, so long as a newline is not entered. This allows an attacker to cause the Quagga daemon to allocate unbounded memory by sending very long strings without a newline. Eventually the daemon is terminated by the system, or the system itself runs out of memory. This is fixed in Quagga 1.1.1 and Free Range Routing (FRR) Protocol Suite 2017-01-10. | |||||
| CVE-2017-7486 | 1 Postgresql | 1 Postgresql | 2018-01-05 | 5.0 MEDIUM | 7.5 HIGH |
| PostgreSQL versions 8.4 - 9.6 are vulnerable to information leak in pg_user_mappings view which discloses foreign server passwords to any user having USAGE privilege on the associated foreign server. | |||||
| CVE-2017-5845 | 1 Gstreamer Project | 1 Gstreamer | 2018-01-05 | 5.0 MEDIUM | 7.5 HIGH |
| The gst_avi_demux_parse_ncdt function in gst/avi/gstavidemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (invalid memory read and crash) via a ncdt sub-tag that "goes behind" the surrounding tag. | |||||
| CVE-2016-7549 | 1 Google | 1 Chrome | 2018-01-05 | 6.8 MEDIUM | 8.8 HIGH |
| Google Chrome before 53.0.2785.113 does not ensure that the recipient of a certain IPC message is a valid RenderFrame or RenderWidget, which allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) or possibly have unspecified other impact by leveraging access to a renderer process, related to render_frame_host_impl.cc and render_widget_host_impl.cc, as demonstrated by a Password Manager message. | |||||
| CVE-2016-5829 | 3 Debian, Linux, Novell | 3 Debian Linux, Linux Kernel, Suse Linux Enterprise Real Time Extension | 2018-01-05 | 7.2 HIGH | 7.8 HIGH |
| Multiple heap-based buffer overflows in the hiddev_ioctl_usage function in drivers/hid/usbhid/hiddev.c in the Linux kernel through 4.6.3 allow local users to cause a denial of service or possibly have unspecified other impact via a crafted (1) HIDIOCGUSAGES or (2) HIDIOCSUSAGES ioctl call. | |||||
| CVE-2017-14694 | 1 Foxitsoftware | 1 Foxit Reader | 2018-01-05 | 4.6 MEDIUM | 7.8 HIGH |
| Foxit Reader 8.3.2.25013 and earlier and Foxit PhantomPDF 8.3.2.25013 and earlier, when running in single instance mode, allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to "Data from Faulting Address controls Code Flow starting at tiptsf!CPenInputPanel::FinalRelease+0x000000000000002f.". | |||||
| CVE-2016-7030 | 1 Freeipa | 1 Freeipa | 2018-01-05 | 5.0 MEDIUM | 7.5 HIGH |
| FreeIPA uses a default password policy that locks an account after 5 unsuccessful authentication attempts, which allows remote attackers to cause a denial of service by locking out the account in which system services run on. | |||||
| CVE-2016-5828 | 3 Debian, Linux, Novell | 3 Debian Linux, Linux Kernel, Suse Linux Enterprise Real Time Extension | 2018-01-05 | 7.2 HIGH | 7.8 HIGH |
| The start_thread function in arch/powerpc/kernel/process.c in the Linux kernel through 4.6.3 on powerpc platforms mishandles transactional state, which allows local users to cause a denial of service (invalid process state or TM Bad Thing exception, and system crash) or possibly have unspecified other impact by starting and suspending a transaction before an exec system call. | |||||
| CVE-2016-5767 | 2 Libgd, Php | 2 Libgd, Php | 2018-01-05 | 6.8 MEDIUM | 8.8 HIGH |
| Integer overflow in the gdImageCreate function in gd.c in the GD Graphics Library (aka libgd) before 2.0.34RC1, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted image dimensions. | |||||
| CVE-2016-7910 | 1 Linux | 1 Linux Kernel | 2018-01-05 | 9.3 HIGH | 7.8 HIGH |
| Use-after-free vulnerability in the disk_seqf_stop function in block/genhd.c in the Linux kernel before 4.7.1 allows local users to gain privileges by leveraging the execution of a certain stop operation even if the corresponding start operation had failed. | |||||
| CVE-2016-8399 | 1 Linux | 1 Linux Kernel | 2018-01-05 | 7.6 HIGH | 7.0 HIGH |
| An elevation of privilege vulnerability in the kernel networking subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process and current compiler optimizations restrict access to the vulnerable code. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31349935. | |||||
| CVE-2016-7130 | 1 Php | 1 Php | 2018-01-05 | 5.0 MEDIUM | 7.5 HIGH |
| The php_wddx_pop_element function in ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly have unspecified other impact via an invalid base64 binary value, as demonstrated by a wddx_deserialize call that mishandles a binary element in a wddxPacket XML document. | |||||
| CVE-2016-7125 | 1 Php | 1 Php | 2018-01-05 | 5.0 MEDIUM | 7.5 HIGH |
| ext/session/session.c in PHP before 5.6.25 and 7.x before 7.0.10 skips invalid session names in a way that triggers incorrect parsing, which allows remote attackers to inject arbitrary-type session data by leveraging control of a session name, as demonstrated by object injection. | |||||