Max CVSS | 10.0 | Min CVSS | 1.9 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2003-0926 | 5.0 |
Ethereal 0.9.15 and earlier, and Tethereal, allows remote attackers to cause a denial of service (crash) via certain malformed (1) ISAKMP or (2) MEGACO packets.
|
14-02-2024 - 01:17 | 01-12-2003 - 05:00 | |
CVE-2003-1013 | 5.0 |
The Q.931 dissector in Ethereal before 0.10.0, and Tethereal, allows remote attackers to cause a denial of service (crash) via a malformed Q.931, which triggers a null dereference.
|
14-02-2024 - 01:17 | 05-01-2004 - 05:00 | |
CVE-2003-0925 | 7.5 |
Buffer overflow in Ethereal 0.9.15 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed GTP MSISDN string.
|
14-02-2024 - 01:17 | 01-12-2003 - 05:00 | |
CVE-2003-0927 | 7.5 |
Heap-based buffer overflow in Ethereal 0.9.15 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the SOCKS dissector.
|
14-02-2024 - 01:17 | 01-12-2003 - 05:00 | |
CVE-2003-1012 | 5.0 |
The SMB dissector in Ethereal before 0.10.0 allows remote attackers to cause a denial of service via a malformed SMB packet that triggers a segmentation fault during processing of Selected packets.
|
14-02-2024 - 01:17 | 05-01-2004 - 05:00 | |
CVE-2017-17712 | 6.9 |
The raw_sendmsg() function in net/ipv4/raw.c in the Linux kernel through 4.14.6 has a race condition in inet->hdrincl that leads to uninitialized stack pointer usage; this allows a local user to execute code and gain privileges.
|
21-06-2023 - 21:01 | 16-12-2017 - 01:29 | |
CVE-2017-8824 | 7.2 |
The dccp_disconnect function in net/dccp/proto.c in the Linux kernel through 4.14.3 allows local users to gain privileges or cause a denial of service (use-after-free) via an AF_UNSPEC connect system call during the DCCP_LISTEN state.
|
24-02-2023 - 18:32 | 05-12-2017 - 09:29 | |
CVE-2017-17806 | 7.2 |
The HMAC implementation (crypto/hmac.c) in the Linux kernel before 4.14.8 does not validate that the underlying cryptographic hash algorithm is unkeyed, allowing a local attacker able to use the AF_ALG-based hash interface (CONFIG_CRYPTO_USER_API_HAS
|
19-01-2023 - 16:26 | 20-12-2017 - 23:29 | |
CVE-2017-16995 | 7.2 |
The check_alu_op function in kernel/bpf/verifier.c in the Linux kernel through 4.4 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging incorrect sign extension.
|
19-01-2023 - 15:48 | 27-12-2017 - 17:08 | |
CVE-2017-17805 | 7.2 |
The Salsa20 encryption algorithm in the Linux kernel before 4.14.8 does not correctly handle zero-length inputs, allowing a local attacker able to use the AF_ALG-based skcipher interface (CONFIG_CRYPTO_USER_API_SKCIPHER) to cause a denial of service
|
19-01-2023 - 15:45 | 20-12-2017 - 23:29 | |
CVE-2017-17784 | 6.8 |
In GIMP 2.8.22, there is a heap-based buffer over-read in load_image in plug-ins/common/file-gbr.c in the gbr import parser, related to mishandling of UTF-8 data.
|
07-02-2022 - 19:00 | 20-12-2017 - 09:29 | |
CVE-2017-17785 | 6.8 |
In GIMP 2.8.22, there is a heap-based buffer overflow in the fli_read_brun function in plug-ins/file-fli/fli.c.
|
07-02-2022 - 18:59 | 20-12-2017 - 09:29 | |
CVE-2017-17786 | 6.8 |
In GIMP 2.8.22, there is a heap-based buffer over-read in ReadImage in plug-ins/common/file-tga.c (related to bgr2rgb.part.1) via an unexpected bits-per-pixel value for an RGBA image.
|
07-02-2022 - 18:49 | 20-12-2017 - 09:29 | |
CVE-2017-17787 | 6.8 |
In GIMP 2.8.22, there is a heap-based buffer over-read in read_creator_block in plug-ins/common/file-psp.c.
|
07-02-2022 - 18:48 | 20-12-2017 - 09:29 | |
CVE-2017-17788 | 4.3 |
In GIMP 2.8.22, there is a stack-based buffer over-read in xcf_load_stream in app/xcf/xcf.c when there is no '\0' character after the version string.
|
07-02-2022 - 18:47 | 20-12-2017 - 09:29 | |
CVE-2017-17789 | 6.8 |
In GIMP 2.8.22, there is a heap-based buffer overflow in read_channel_data in plug-ins/common/file-psp.c.
|
07-02-2022 - 18:43 | 20-12-2017 - 09:29 | |
CVE-2017-5754 | 4.7 |
Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache.
|
19-11-2021 - 18:15 | 04-01-2018 - 13:29 | |
CVE-2017-12877 | 4.3 |
Use-after-free vulnerability in the DestroyImage function in image.c in ImageMagick before 7.0.6-6 allows remote attackers to cause a denial of service via a crafted file.
|
28-04-2021 - 18:12 | 28-08-2017 - 19:29 | |
CVE-2017-17504 | 4.3 |
ImageMagick before 7.0.7-12 has a coders/png.c Magick_png_read_raw_profile heap-based buffer over-read via a crafted file, related to ReadOneMNGImage.
|
28-04-2021 - 18:08 | 11-12-2017 - 02:29 | |
CVE-2017-17499 | 7.5 |
ImageMagick before 6.9.9-24 and 7.x before 7.0.7-12 has a use-after-free in Magick::Image::read in Magick++/lib/Image.cpp.
|
28-10-2020 - 19:27 | 11-12-2017 - 02:29 | |
CVE-2017-16546 | 6.8 |
The ReadWPGImage function in coders/wpg.c in ImageMagick 7.0.7-9 does not properly validate the colormap index in a WPG palette, which allows remote attackers to cause a denial of service (use of uninitialized data or invalid memory allocation) or po
|
22-10-2020 - 19:20 | 05-11-2017 - 22:29 | |
CVE-2017-13098 | 4.3 |
BouncyCastle TLS prior to version 1.0.3, when configured to use the JCE (Java Cryptography Extension) for cryptographic functions, provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated. An attacker can r
|
20-10-2020 - 22:15 | 13-12-2017 - 01:29 | |
CVE-2017-9406 | 4.3 |
In Poppler 0.54.0, a memory leak vulnerability was found in the function gmalloc in gmem.cc, which allows attackers to cause a denial of service via a crafted file.
|
03-10-2019 - 00:03 | 02-06-2017 - 19:29 | |
CVE-2017-9865 | 4.3 |
The function GfxImageColorMap::getGray in GfxState.cc in Poppler 0.54.0 allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted PDF document, related to missing color-map validation in I
|
03-10-2019 - 00:03 | 25-06-2017 - 13:29 | |
CVE-2017-7830 | 4.3 |
The Resource Timing API incorrectly revealed navigations in cross-origin iframes. This is a same-origin policy violation and could allow for data theft of URLs loaded by users. This vulnerability affects Firefox < 57, Firefox ESR < 52.5, and Thunderb
|
03-10-2019 - 00:03 | 11-06-2018 - 21:29 | |
CVE-2017-9408 | 4.3 |
In Poppler 0.54.0, a memory leak vulnerability was found in the function Object::initArray in Object.cc, which allows attackers to cause a denial of service via a crafted file.
|
03-10-2019 - 00:03 | 02-06-2017 - 19:29 | |
CVE-2017-17450 | 4.6 |
net/netfilter/xt_osf.c in the Linux kernel through 4.14.4 does not require the CAP_NET_ADMIN capability for add_callback and remove_callback operations, which allows local users to bypass intended access restrictions because the xt_osf_fingers data s
|
03-10-2019 - 00:03 | 07-12-2017 - 00:29 | |
CVE-2017-17807 | 2.1 |
The KEYS subsystem in the Linux kernel before 4.14.6 omitted an access-control check when adding a key to the current task's "default request-key keyring" via the request_key() system call, allowing a local user to use a sequence of crafted system ca
|
03-10-2019 - 00:03 | 20-12-2017 - 23:29 | |
CVE-2017-17843 | 4.3 |
An issue was discovered in Enigmail before 1.9.9 that allows remote attackers to trigger use of an intended public key for encryption, because incorrect regular expressions are used for extraction of an e-mail address from a comma-separated list, as
|
03-10-2019 - 00:03 | 27-12-2017 - 17:08 | |
CVE-2017-17448 | 4.6 |
net/netfilter/nfnetlink_cthelper.c in the Linux kernel through 4.14.4 does not require the CAP_NET_ADMIN capability for new, get, and del operations, which allows local users to bypass intended access restrictions because the nfnl_cthelper_list data
|
03-10-2019 - 00:03 | 07-12-2017 - 00:29 | |
CVE-2017-17879 | 6.8 |
In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-21, there is a heap-based buffer over-read in ReadOneMNGImage in coders/png.c, related to length calculation and caused by an off-by-one error.
|
03-10-2019 - 00:03 | 27-12-2017 - 17:08 | |
CVE-2017-17844 | 4.3 |
An issue was discovered in Enigmail before 1.9.9. A remote attacker can obtain cleartext content by sending an encrypted data block (that the attacker cannot directly decrypt) to a victim, and relying on the victim to automatically decrypt that block
|
03-10-2019 - 00:03 | 27-12-2017 - 17:08 | |
CVE-2017-17090 | 5.0 |
An issue was discovered in chan_skinny.c in Asterisk Open Source 13.18.2 and older, 14.7.2 and older, and 15.1.2 and older, and Certified Asterisk 13.13-cert7 and older. If the chan_skinny (aka SCCP protocol) channel driver is flooded with certain re
|
03-10-2019 - 00:03 | 02-12-2017 - 00:29 | |
CVE-2017-14519 | 5.0 |
In Poppler 0.59.0, memory corruption occurs in a call to Object::streamGetChar in Object.h after a repeating series of Gfx::display, Gfx::go, Gfx::execOp, Gfx::opShowText, and Gfx::doShowText calls (aka a Gfx.cc infinite loop).
|
03-10-2019 - 00:03 | 17-09-2017 - 23:29 | |
CVE-2017-16672 | 4.3 |
An issue was discovered in Asterisk Open Source 13 before 13.18.1, 14 before 14.7.1, and 15 before 15.1.1 and Certified Asterisk 13.13 before 13.13-cert7. A memory leak occurs when an Asterisk pjsip session object is created and that call gets reject
|
03-10-2019 - 00:03 | 09-11-2017 - 00:29 | |
CVE-2017-17848 | 5.0 |
An issue was discovered in Enigmail before 1.9.9. In a variant of CVE-2017-17847, signature spoofing is possible for multipart/related messages because a signed message part can be referenced with a cid: URI but not actually displayed. In other words
|
16-05-2019 - 17:29 | 27-12-2017 - 17:08 | |
CVE-2017-17558 | 7.2 |
The usb_destroy_configuration function in drivers/usb/core/config.c in the USB core subsystem in the Linux kernel through 4.14.5 does not consider the maximum number of configurations and interfaces before attempting to release resources, which allow
|
14-05-2019 - 23:29 | 12-12-2017 - 15:29 | |
CVE-2017-1000407 | 6.1 |
The Linux Kernel 2.6.32 and later are affected by a denial of service, by flooding the diagnostic port 0x80 an exception can be triggered leading to a kernel panic.
|
14-05-2019 - 22:29 | 11-12-2017 - 21:29 | |
CVE-2017-14975 | 5.0 |
The FoFiType1C::convertToType0 function in FoFiType1C.cc in Poppler 0.59.0 has a NULL pointer dereference vulnerability because a data structure is not initialized, which allows an attacker to launch a denial of service attack.
|
03-05-2019 - 20:15 | 02-10-2017 - 01:29 | |
CVE-2017-14976 | 5.0 |
The FoFiType1C::convertToType0 function in FoFiType1C.cc in Poppler 0.59.0 has a heap-based buffer over-read vulnerability if an out-of-bounds font dictionary index is encountered, which allows an attacker to launch a denial of service attack.
|
03-05-2019 - 20:14 | 02-10-2017 - 01:29 | |
CVE-2017-14977 | 5.0 |
The FoFiTrueType::getCFFBlock function in FoFiTrueType.cc in Poppler 0.59.0 has a NULL pointer dereference vulnerability due to lack of validation of a table pointer, which allows an attacker to launch a denial of service attack.
|
03-05-2019 - 20:05 | 02-10-2017 - 01:29 | |
CVE-2017-1000410 | 5.0 |
The Linux kernel version 3.3-rc1 and later is affected by a vulnerability lies in the processing of incoming L2CAP commands - ConfigRequest, and ConfigResponse messages. This info leak is a result of uninitialized stack variables that may be returned
|
08-04-2019 - 20:29 | 07-12-2017 - 19:29 | |
CVE-2017-15565 | 6.8 |
In Poppler 0.59.0, a NULL Pointer Dereference exists in the GfxImageColorMap::getGrayLine() function in GfxState.cc via a crafted PDF document.
|
14-03-2019 - 17:42 | 17-10-2017 - 22:29 | |
CVE-2017-9776 | 6.8 |
Integer overflow leading to Heap buffer overflow in JBIG2Stream.cc in pdftocairo in Poppler before 0.56 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document.
|
12-03-2019 - 17:27 | 22-06-2017 - 21:29 | |
CVE-2017-9775 | 4.3 |
Stack buffer overflow in GfxState.cc in pdftocairo in Poppler before 0.56 allows remote attackers to cause a denial of service (application crash) via a crafted PDF document.
|
12-03-2019 - 17:25 | 22-06-2017 - 21:29 | |
CVE-2017-14517 | 4.3 |
In Poppler 0.59.0, a NULL Pointer Dereference exists in the XRef::parseEntry() function in XRef.cc via a crafted PDF document.
|
18-01-2019 - 11:29 | 17-09-2017 - 23:29 | |
CVE-2017-16671 | 6.5 |
A Buffer Overflow issue was discovered in Asterisk Open Source 13 before 13.18.1, 14 before 14.7.1, and 15 before 15.1.1 and Certified Asterisk 13.13 before 13.13-cert7. No size checking is done when setting the user field for Party B on a CDR. Thus,
|
25-11-2018 - 11:29 | 09-11-2017 - 00:29 | |
CVE-2017-16644 | 7.2 |
The hdpvr_probe function in drivers/media/usb/hdpvr/hdpvr-core.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (improper error handling and system crash) or possibly have unspecified other impact via a crafted US
|
24-08-2018 - 10:29 | 07-11-2017 - 23:29 | |
CVE-2017-16538 | 7.2 |
drivers/media/usb/dvb-usb-v2/lmedm04.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (general protection fault and system crash) or possibly have unspecified other impact via a crafted USB device, related to a mi
|
24-08-2018 - 10:29 | 04-11-2017 - 01:29 | |
CVE-2017-7848 | 5.0 |
RSS fields can inject new lines into the created email structure, modifying the message body. This vulnerability affects Thunderbird < 52.5.2.
|
09-08-2018 - 13:41 | 11-06-2018 - 21:29 | |
CVE-2017-7846 | 6.8 |
It is possible to execute JavaScript in the parsed RSS feed when RSS feed is viewed as a website, e.g. via "View -> Feed article -> Website" or in the standard format of "View -> Feed article -> default format". This vulnerability affects Thunderbird
|
07-08-2018 - 12:35 | 11-06-2018 - 21:29 | |
CVE-2017-7847 | 4.3 |
Crafted CSS in an RSS feed can leak and reveal local path strings, which may contain user name. This vulnerability affects Thunderbird < 52.5.2.
|
07-08-2018 - 12:32 | 11-06-2018 - 21:29 | |
CVE-2017-7829 | 5.0 |
It is possible to spoof the sender's email address and display an arbitrary sender address to the email recipient. The real sender's address is not displayed if preceded by a null character in the display string. This vulnerability affects Thunderbir
|
07-08-2018 - 12:28 | 11-06-2018 - 21:29 | |
CVE-2017-7828 | 7.5 |
A use-after-free vulnerability can occur when flushing and resizing layout because the "PressShell" object has been freed while still in use. This results in a potentially exploitable crash during these operations. This vulnerability affects Firefox
|
02-08-2018 - 20:18 | 11-06-2018 - 21:29 | |
CVE-2017-7826 | 10.0 |
Memory safety bugs were reported in Firefox 56 and Firefox ESR 52.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affect
|
01-08-2018 - 12:06 | 11-06-2018 - 21:29 | |
CVE-2017-17449 | 1.9 |
The __netlink_deliver_tap_skb function in net/netlink/af_netlink.c in the Linux kernel through 4.14.4, when CONFIG_NLMON is enabled, does not restrict observations of Netlink messages to a single net namespace, which allows local users to obtain sens
|
31-05-2018 - 01:29 | 07-12-2017 - 00:29 | |
CVE-2017-17741 | 2.1 |
The KVM implementation in the Linux kernel through 4.14.7 allows attackers to obtain potentially sensitive information from kernel memory, aka a write_mmio stack-based out-of-bounds read, related to arch/x86/kvm/x86.c and include/trace/events/kvm.h.
|
25-04-2018 - 01:29 | 18-12-2017 - 08:29 | |
CVE-2017-17862 | 4.9 |
kernel/bpf/verifier.c in the Linux kernel through 4.14.8 ignores unreachable code, even though it would still be processed by JIT compilers. This behavior, also considered an improper branch-pruning logic issue, could possibly be used by local users
|
07-04-2018 - 01:29 | 27-12-2017 - 17:08 | |
CVE-2017-17512 | 6.8 |
sensible-browser in sensible-utils before 0.0.11 does not validate strings before launching the program specified by the BROWSER environment variable, which allows remote attackers to conduct argument-injection attacks via a crafted URL, as demonstra
|
16-03-2018 - 01:29 | 11-12-2017 - 06:29 | |
CVE-2017-17863 | 7.2 |
kernel/bpf/verifier.c in the Linux kernel 4.9.x through 4.9.71 does not check the relationship between pointer values and the BPF stack, which allows local users to cause a denial of service (integer overflow or invalid memory access) or possibly hav
|
16-03-2018 - 01:29 | 27-12-2017 - 17:08 | |
CVE-2017-17846 | 5.0 |
An issue was discovered in Enigmail before 1.9.9. Regular expressions are exploitable for Denial of Service, because of attempts to match arbitrarily long strings, aka TBE-01-003.
|
04-02-2018 - 02:29 | 27-12-2017 - 17:08 | |
CVE-2017-17847 | 5.0 |
An issue was discovered in Enigmail before 1.9.9. Signature spoofing is possible because the UI does not properly distinguish between an attachment signature, and a signature that applies to the entire containing message, aka TBE-01-021. This is demo
|
04-02-2018 - 02:29 | 27-12-2017 - 17:08 | |
CVE-2017-17845 | 7.5 |
An issue was discovered in Enigmail before 1.9.9. Improper Random Secret Generation occurs because Math.Random() is used by pretty Easy privacy (pEp), aka TBE-01-001.
|
04-02-2018 - 02:29 | 27-12-2017 - 17:08 | |
CVE-2017-17864 | 2.1 |
kernel/bpf/verifier.c in the Linux kernel through 4.14.8 mishandles states_equal comparisons between the pointer data type and the UNKNOWN_VALUE data type, which allows local users to obtain potentially sensitive address information, aka a "pointer l
|
13-01-2018 - 02:29 | 27-12-2017 - 17:08 | |
CVE-2017-14518 | 6.8 |
In Poppler 0.59.0, a floating point exception exists in the isImageInterpolationRequired() function in Splash.cc via a crafted PDF document.
|
09-01-2018 - 02:29 | 17-09-2017 - 23:29 | |
CVE-2017-14520 | 6.8 |
In Poppler 0.59.0, a floating point exception occurs in Splash::scaleImageYuXd() in Splash.cc, which may lead to a potential attack when handling malicious PDF files.
|
09-01-2018 - 02:29 | 17-09-2017 - 23:29 | |
CVE-2017-17664 | 4.3 |
A Remote Crash issue was discovered in Asterisk Open Source 13.x before 13.18.4, 14.x before 14.7.4, and 15.x before 15.1.4 and Certified Asterisk before 13.13-cert9. Certain compound RTCP packets cause a crash in the RTCP Stack.
|
02-01-2018 - 17:35 | 13-12-2017 - 20:29 |