Max CVSS | 10.0 | Min CVSS | 3.5 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published |
CVE-2003-0545 | 10.0 | Double free vulnerability in OpenSSL 0.9.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an SSL client certificate with a certain invalid ASN.1 encoding. | 02-02-2024 - 15:23 | 17-11-2003 - 05:00 |
CVE-2014-9940 | 7.6 | The regulator_ena_gpio_free function in drivers/regulator/core.c in the Linux kernel before 3.19 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted application. | 28-12-2023 - 18:11 | 02-05-2017 - 21:59 |
CVE-2017-7533 | 6.9 | Race condition in the fsnotify implementation in the Linux kernel through 4.12.4 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that leverages simultaneous execution of the inotify_han | 21-06-2023 - 15:57 | 05-08-2017 - 16:29 |
CVE-2017-7541 | 7.2 | The brcmf_cfg80211_mgmt_tx function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux kernel before 4.12.3 allows local users to cause a denial of service (buffer overflow and system crash) or possibly gain privileges via a | 14-02-2023 - 21:37 | 25-07-2017 - 04:29 |
CVE-2017-7482 | 7.2 | In the Linux kernel before version 4.12, Kerberos 5 tickets decoded when using the RXRPC keys incorrectly assumes the size of a field. This could lead to the size-remaining variable wrapping and the data pointer going over the end of the buffer. This | 14-02-2023 - 21:37 | 30-07-2018 - 14:29 |
CVE-2017-7889 | 7.2 | The mm subsystem in the Linux kernel through 3.2 does not properly enforce the CONFIG_STRICT_DEVMEM protection mechanism, which allows local users to read or write to kernel memory locations in the first megabyte (and bypass slab-allocation access re | 14-02-2023 - 21:12 | 17-04-2017 - 00:59 |
CVE-2017-7542 | 4.9 | The ip6_find_1stfragopt function in net/ipv6/output_core.c in the Linux kernel through 4.12.3 allows local users to cause a denial of service (integer overflow and infinite loop) by leveraging the ability to open a raw socket. | 12-02-2023 - 23:30 | 21-07-2017 - 16:29 |
CVE-2017-1000365 | 7.2 | The Linux Kernel imposes a size restriction on the arguments and environmental strings passed through RLIMIT_STACK/RLIM_INFINITY (1/4 of the size), but does not take the argument and environment pointers into account, which allows attackers to bypass | 17-01-2023 - 21:03 | 19-06-2017 - 16:29 |
CVE-2017-1000363 | 7.2 | Linux drivers/char/lp.c Out-of-Bounds Write. Due to a missing bounds check, and the fact that parport_ptr integer is static, a 'secure boot' kernel command line adversary (can happen due to bootloader vulns, e.g. Google Nexus 6's CVE-2016-10277, wher | 17-01-2023 - 21:03 | 17-07-2017 - 13:18 |
CVE-2017-11176 | 7.2 | The mq_notify function in the Linux kernel through 4.11.9 does not set the sock pointer to NULL upon entry into the retry logic. During a user-space close of a Netlink socket, it allows attackers to cause a denial of service (use-after-free) or possi | 17-01-2023 - 21:01 | 11-07-2017 - 23:29 |
CVE-2017-3641 | 4.0 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged a | 28-10-2022 - 19:26 | 08-08-2017 - 15:29 |
CVE-2017-3653 | 3.5 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows low privileged | 21-09-2022 - 19:58 | 08-08-2017 - 15:29 |
CVE-2017-3464 | 4.0 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows low privileged | 29-08-2022 - 20:52 | 24-04-2017 - 19:59 |
CVE-2017-3456 | 4.0 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows high privileged | 05-08-2022 - 14:25 | 24-04-2017 - 19:59 |
CVE-2017-3636 | 4.6 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.56 and earlier and 5.6.36 and earlier. Easily exploitable vulnerability allows low privileged attacker with logo | 04-08-2022 - 19:59 | 08-08-2017 - 15:29 |
CVE-2017-3453 | 4.0 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows low privi | 01-08-2022 - 15:14 | 24-04-2017 - 19:59 |
CVE-2017-3309 | 4.0 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows low privi | 19-07-2022 - 16:32 | 24-04-2017 - 19:59 |
CVE-2017-3308 | 4.0 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows low privileged | 19-07-2022 - 16:27 | 24-04-2017 - 19:59 |
CVE-2017-12904 | 9.3 | Improper Neutralization of Special Elements used in an OS Command in bookmarking function of Newsbeuter versions 0.7 through 2.9 allows remote attackers to perform user-assisted code execution by crafting an RSS item that includes shell code in its t | 21-10-2020 - 20:15 | 23-08-2017 - 14:29 |
CVE-2017-12836 | 5.1 | CVS 1.12.x, when configured to use SSH for remote repositories, might allow remote attackers to execute arbitrary code via a repository URL with a crafted hostname, as demonstrated by "-oProxyCommand=id;localhost:/bar." | 03-10-2019 - 00:03 | 24-08-2017 - 14:29 |
CVE-2017-11610 | 9.0 | The XML-RPC server in supervisor before 3.0.1, 3.1.x before 3.1.4, 3.2.x before 3.2.4, and 3.3.x before 3.3.3 allows remote authenticated users to execute arbitrary commands via a crafted XML-RPC request, related to nested supervisord namespace looku | 03-10-2019 - 00:03 | 23-08-2017 - 14:29 |
CVE-2017-11423 | 4.3 | The cabd_read_string function in mspack/cabd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2 and other products, allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted CAB file. | 03-10-2019 - 00:03 | 18-07-2017 - 20:29 |
CVE-2017-6419 | 6.8 | mspack/lzxd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted CHM file. | 21-10-2018 - 10:29 | 07-08-2017 - 03:29 |
CVE-2017-10911 | 4.9 | The make_response function in drivers/block/xen-blkback/blkback.c in the Linux kernel before 4.11.8 allows guest OS users to obtain sensitive information from host OS (or other guest OS) kernel memory by leveraging the copying of uninitialized paddin | 07-09-2018 - 10:29 | 05-07-2017 - 01:29 |
CVE-2003-0544 | 5.0 | OpenSSL 0.9.6 and 0.9.7 does not properly track the number of characters in certain ASN.1 inputs, which allows remote attackers to cause a denial of service (crash) via an SSL client certificate that causes OpenSSL to read past the end of a buffer wh | 03-05-2018 - 01:29 | 17-11-2003 - 05:00 |
CVE-2003-0543 | 5.0 | Integer overflow in OpenSSL 0.9.6 and 0.9.7 allows remote attackers to cause a denial of service (crash) via an SSL client certificate with certain ASN.1 tag values. | 03-05-2018 - 01:29 | 17-11-2003 - 05:00 |
CVE-2017-7555 | 7.5 | Augeas versions up to and including 1.8.0 are vulnerable to heap-based buffer overflow due to improper handling of escaped strings. Attacker could send crafted strings that would cause the application using augeas to copy past the end of a buffer, le | 09-12-2017 - 02:29 | 17-08-2017 - 19:29 |
CVE-2017-11721 | 7.5 | Buffer overflow in ioquake3 before 2017-08-02 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted packet. | 08-11-2017 - 02:29 | 03-08-2017 - 08:29 |
CVE-2016-10376 | 3.5 | Gajim through 0.16.7 unconditionally implements the "XEP-0146: Remote Controlling Clients" extension. This can be abused by malicious XMPP servers to, for example, extract plaintext from OTR encrypted sessions. | 06-11-2017 - 02:29 | 28-05-2017 - 00:29 |
CVE-2017-7346 | 4.9 | The vmw_gb_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.10.7 does not validate certain levels data, which allows local users to cause a denial of service (system hang) via a crafted ioctl call | 04-11-2017 - 01:29 | 30-03-2017 - 23:59 |
CVE-2017-9605 | 4.9 | The vmw_gb_surface_define_ioctl function (accessible via DRM_IOCTL_VMW_GB_SURFACE_CREATE) in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.11.4 defines a backup_handle variable but does not give it an initial value. If one att | 04-11-2017 - 01:29 | 13-06-2017 - 19:29 |