Max CVSS | 9.3 | Min CVSS | 2.1 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2019-14513 | 5.0 |
Improper bounds checking in Dnsmasq before 2.76 allows an attacker controlled DNS server to send large DNS packets that result in a read operation beyond the buffer allocated for the packet, a different vulnerability than CVE-2017-14491.
|
03-03-2023 - 14:24 | 01-08-2019 - 21:15 | |
CVE-2017-7537 | 5.0 |
It was found that a mock CMC authentication plugin with a hardcoded secret was accidentally enabled by default in the pki-core package before 10.6.4. An attacker could potentially use this flaw to bypass the regular authentication process and trick t
|
12-02-2023 - 23:30 | 26-07-2018 - 13:29 | |
CVE-2017-7488 | 4.0 |
Authconfig version 6.2.8 is vulnerable to an Information exposure while using SSSD to authenticate against remote server resulting in the leak of information about existing usernames.
|
12-02-2023 - 23:30 | 16-05-2017 - 18:29 | |
CVE-2017-5885 | 7.5 |
Multiple integer overflows in the (1) vnc_connection_server_message and (2) vnc_color_map_set functions in gtk-vnc before 0.7.0 allow remote servers to cause a denial of service (crash) or possibly execute arbitrary code via vectors involving SetColo
|
12-02-2023 - 23:29 | 28-02-2017 - 18:59 | |
CVE-2017-2626 | 2.1 |
It was discovered that libICE before 1.0.9-8 used a weak entropy to generate keys. A local attacker could potentially use this flaw for session hijacking using the information available from the process list.
|
12-02-2023 - 23:29 | 27-07-2018 - 19:29 | |
CVE-2016-7056 | 2.1 |
A timing attack flaw was found in OpenSSL 1.0.1u and before that could allow a malicious user with local access to recover ECDSA P-256 private keys.
|
12-02-2023 - 23:25 | 10-09-2018 - 16:29 | |
CVE-2018-14622 | 5.0 |
A null-pointer dereference vulnerability was found in libtirpc before version 0.3.3-rc3. The return value of makefd_xprt() was not checked in all instances, which could lead to a crash when the server exhausted the maximum number of available file de
|
03-02-2023 - 14:23 | 30-08-2018 - 13:29 | |
CVE-2016-6515 | 7.8 |
The auth_password function in auth-passwd.c in sshd in OpenSSH before 7.3 does not limit password lengths for password authentication, which allows remote attackers to cause a denial of service (crypt CPU consumption) via a long string.
|
13-12-2022 - 12:15 | 07-08-2016 - 21:59 | |
CVE-2017-3651 | 4.0 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows low privileg
|
29-08-2022 - 20:52 | 08-08-2017 - 15:29 | |
CVE-2017-9287 | 4.0 |
servers/slapd/back-mdb/search.c in OpenLDAP through 2.4.44 is prone to a double free vulnerability. A user with access to search the directory can crash slapd by issuing a search including the Paged Results control with a page size of 0.
|
13-06-2022 - 19:18 | 29-05-2017 - 16:29 | |
CVE-2016-6797 | 5.0 |
The ResourceLinkFactory implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not limit web application access to global JNDI resources to those resources explicitly linked
|
18-04-2022 - 17:56 | 10-08-2017 - 22:29 | |
CVE-2017-5848 | 5.0 |
The gst_ps_demux_parse_psm function in gst/mpegdemux/gstmpegdemux.c in gst-plugins-bad in GStreamer allows remote attackers to cause a denial of service (invalid memory read and crash) via vectors involving PSM parsing.
|
20-11-2020 - 18:59 | 09-02-2017 - 15:59 | |
CVE-2017-5898 | 2.1 |
Integer overflow in the emulated_apdu_from_guest function in usb/dev-smartcard-reader.c in Quick Emulator (Qemu), when built with the CCID Card device emulator support, allows local users to cause a denial of service (application crash) via a large A
|
10-11-2020 - 18:55 | 15-03-2017 - 19:59 | |
CVE-2016-9401 | 2.1 |
popd in bash might allow local users to bypass the restricted shell and cause a use-after-free via a crafted address.
|
14-09-2020 - 18:32 | 23-01-2017 - 21:59 | |
CVE-2016-2775 | 4.3 |
ISC BIND 9.x before 9.9.9-P2, 9.10.x before 9.10.4-P2, and 9.11.x before 9.11.0b2, when lwresd or the named lwres option is enabled, allows remote attackers to cause a denial of service (daemon crash) via a long request that uses the lightweight reso
|
25-08-2020 - 20:18 | 19-07-2016 - 22:59 | |
CVE-2014-9365 | 5.8 |
The HTTP clients in the (1) httplib, (2) urllib, (3) urllib2, and (4) xmlrpclib libraries in CPython (aka Python) 2.x before 2.7.9 and 3.x before 3.4.3, when accessing an HTTPS URL, do not (a) check the certificate against a trust store or verify tha
|
25-10-2019 - 11:53 | 12-12-2014 - 11:59 | |
CVE-2017-2640 | 7.5 |
An out-of-bounds write flaw was found in the way Pidgin before 2.12.0 processed XML content. A malicious remote server could potentially use this flaw to crash Pidgin or execute arbitrary code in the context of the pidgin process.
|
09-10-2019 - 23:27 | 27-07-2018 - 18:29 | |
CVE-2017-8932 | 4.3 |
A bug in the standard library ScalarMult implementation of curve P-256 for amd64 architectures in Go before 1.7.6 and 1.8.x before 1.8.2 causes incorrect results to be generated for specific input points. An adaptive attack can be mounted to progress
|
03-10-2019 - 00:03 | 06-07-2017 - 16:29 | |
CVE-2017-8386 | 6.5 |
git-shell in git before 2.4.12, 2.5.x before 2.5.6, 2.6.x before 2.6.7, 2.7.x before 2.7.5, 2.8.x before 2.8.5, 2.9.x before 2.9.4, 2.10.x before 2.10.3, 2.11.x before 2.11.2, and 2.12.x before 2.12.3 might allow remote authenticated users to gain pr
|
03-10-2019 - 00:03 | 01-06-2017 - 16:29 | |
CVE-2017-9461 | 6.8 |
smbd in Samba before 4.4.10 and 4.5.x before 4.5.6 has a denial of service vulnerability (fd_open_atomic infinite loop with high CPU usage and memory consumption) due to wrongly handling dangling symlinks.
|
03-10-2019 - 00:03 | 06-06-2017 - 21:29 | |
CVE-2017-7396 | 5.0 |
In TigerVNC 1.7.1 (CConnection.cxx CConnection::CConnection), an unauthenticated client can cause a small memory leak in the server.
|
03-10-2019 - 00:03 | 01-04-2017 - 02:59 | |
CVE-2017-10987 | 5.0 |
An FR-GV-304 issue in FreeRADIUS 3.x before 3.0.15 allows "DHCP - Buffer over-read in fr_dhcp_decode_suboptions()" and a denial of service.
|
03-10-2019 - 00:03 | 17-07-2017 - 17:29 | |
CVE-2017-0553 | 7.6 |
An elevation of privilege vulnerability in libnl could enable a local malicious application to execute arbitrary code within the context of the Wi-Fi service. This issue is rated as Moderate because it first requires compromising a privileged process
|
03-10-2019 - 00:03 | 07-04-2017 - 22:59 | |
CVE-2017-1000083 | 6.8 |
backend/comics/comics-document.c (aka the comic book backend) in GNOME Evince before 3.24.1 allows remote attackers to execute arbitrary commands via a .cbt file that is a TAR archive containing a filename beginning with a "--" command-line option su
|
03-10-2019 - 00:03 | 05-09-2017 - 06:29 | |
CVE-2016-7167 | 7.5 |
Multiple integer overflows in the (1) curl_escape, (2) curl_easy_escape, (3) curl_unescape, and (4) curl_easy_unescape functions in libcurl before 7.50.3 allow attackers to have unspecified impact via a string of length 0xffffffff, which triggers a h
|
13-11-2018 - 11:29 | 07-10-2016 - 14:59 | |
CVE-2015-7552 | 9.3 |
Heap-based buffer overflow in the gdk_pixbuf_flip function in gdk-pixbuf-scale.c in gdk-pixbuf 2.30.x allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted BMP file.
|
30-10-2018 - 16:27 | 18-04-2016 - 14:59 | |
CVE-2015-8779 | 7.5 |
Stack-based buffer overflow in the catopen function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long catalog name.
|
30-10-2018 - 16:27 | 19-04-2016 - 21:59 | |
CVE-2015-3622 | 4.3 |
The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.5 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted certificate.
|
30-10-2018 - 16:27 | 12-05-2015 - 19:59 | |
CVE-2017-5486 | 7.5 |
The ISO CLNS parser in tcpdump before 4.9.0 has a buffer overflow in print-isoclns.c:clnp_print().
|
05-01-2018 - 02:31 | 28-01-2017 - 01:59 | |
CVE-2017-7486 | 5.0 |
PostgreSQL versions 8.4 - 9.6 are vulnerable to information leak in pg_user_mappings view which discloses foreign server passwords to any user having USAGE privilege on the associated foreign server.
|
05-01-2018 - 02:31 | 12-05-2017 - 19:29 | |
CVE-2017-7869 | 5.0 |
GnuTLS before 2017-02-20 has an out-of-bounds write caused by an integer overflow and heap-based buffer overflow related to the cdk_pkt_read function in opencdk/read-packet.c. This issue (which is a subset of the vendor's GNUTLS-SA-2017-3 report) is
|
05-01-2018 - 02:31 | 14-04-2017 - 04:59 | |
CVE-2017-7207 | 4.3 |
The mem_get_bits_rectangle function in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted PostScript document.
|
05-01-2018 - 02:31 | 21-03-2017 - 06:59 | |
CVE-2017-7870 | 7.5 |
LibreOffice before 2017-01-02 has an out-of-bounds write caused by a heap-based buffer overflow related to the tools::Polygon::Insert function in tools/source/generic/poly.cxx.
|
05-01-2018 - 02:31 | 14-04-2017 - 04:59 | |
CVE-2017-9242 | 4.9 |
The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel through 4.11.3 is too late in checking whether an overwrite of an skb data structure may occur, which allows local users to cause a denial of service (system crash) via craft
|
05-01-2018 - 02:31 | 27-05-2017 - 01:29 | |
CVE-2015-7496 | 7.2 |
GNOME Display Manager (gdm) before 3.18.2 allows physically proximate attackers to bypass the lock screen by holding the Escape key.
|
05-01-2018 - 02:30 | 24-11-2015 - 20:59 |