Max CVSS | 10.0 | Min CVSS | 2.1 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2017-1000376 | 6.9 |
libffi requests an executable stack allowing attackers to more easily trigger arbitrary code execution by overwriting the stack. Please note that libffi is used by a number of other libraries. It was previously stated that this affects libffi version
|
22-09-2023 - 18:25 | 19-06-2017 - 16:29 | |
CVE-2017-9074 | 7.2 |
The IPv6 fragmentation implementation in the Linux kernel through 4.11.1 does not consider that the nexthdr field may be associated with an invalid option, which allows local users to cause a denial of service (out-of-bounds read and BUG) or possibly
|
24-02-2023 - 18:40 | 19-05-2017 - 07:29 | |
CVE-2017-9076 | 7.2 |
The dccp_v6_request_recv_sock function in net/dccp/ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related i
|
24-02-2023 - 18:39 | 19-05-2017 - 07:29 | |
CVE-2017-9075 | 7.2 |
The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related is
|
24-02-2023 - 18:39 | 19-05-2017 - 07:29 | |
CVE-2017-9077 | 7.2 |
The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related is
|
24-02-2023 - 18:38 | 19-05-2017 - 14:29 | |
CVE-2017-8890 | 7.2 |
The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel through 4.10.15 allows attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call.
|
24-02-2023 - 18:32 | 10-05-2017 - 16:29 | |
CVE-2017-7487 | 7.2 |
The ipxitf_ioctl function in net/ipx/af_ipx.c in the Linux kernel through 4.11.1 mishandles reference counts, which allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a failed SIOCGIFADDR io
|
14-02-2023 - 21:37 | 14-05-2017 - 22:29 | |
CVE-2017-8064 | 7.2 |
drivers/media/usb/dvb-usb-v2/dvb_usb_core.c in the Linux kernel 4.9.x and 4.10.x before 4.10.12 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or poss
|
14-02-2023 - 19:25 | 23-04-2017 - 05:59 | |
CVE-2017-7895 | 10.0 |
The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lack certain checks for the end of a buffer, which allows remote attackers to trigger pointer-arithmetic errors or possibly have unspecified other impact via crafted reque
|
19-01-2023 - 16:13 | 28-04-2017 - 10:59 | |
CVE-2017-7645 | 7.8 |
The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel through 4.10.11 allows remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c.
|
17-01-2023 - 21:34 | 18-04-2017 - 14:59 | |
CVE-2017-1000366 | 7.2 |
glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made t
|
15-10-2020 - 13:28 | 19-06-2017 - 16:29 | |
CVE-2017-1000369 | 2.1 |
Exim supports the use of multiple "-p" command line arguments which are malloc()'ed and never free()'ed, used in conjunction with other issues allows attackers to cause arbitrary code execution. This affects exim version 4.89 and earlier. Please note
|
12-12-2019 - 13:35 | 19-06-2017 - 16:29 | |
CVE-2017-8925 | 2.1 |
The omninet_open function in drivers/usb/serial/omninet.c in the Linux kernel before 4.10.4 allows local users to cause a denial of service (tty exhaustion) by leveraging reference count mishandling.
|
03-10-2019 - 00:03 | 12-05-2017 - 21:29 | |
CVE-2017-5944 | 6.5 |
The dashboard subscription interface in Request Tracker (RT) 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2 might allow remote authenticated users with certain privileges to execute arbitrary code via a crafted saved search name.
|
03-10-2019 - 00:03 | 03-07-2017 - 16:29 | |
CVE-2017-5361 | 4.3 |
Request Tracker (RT) 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2 does not use a constant-time comparison algorithm for secrets, which makes it easier for remote attackers to obtain sensitive user password information via a timing s
|
03-10-2019 - 00:03 | 03-07-2017 - 16:29 | |
CVE-2017-8924 | 2.1 |
The edge_bulk_in_callback function in drivers/usb/serial/io_ti.c in the Linux kernel before 4.10.4 allows local users to obtain sensitive information (in the dmesg ringbuffer and syslog) from uninitialized kernel memory by using a crafted USB device
|
16-04-2019 - 14:28 | 12-05-2017 - 21:29 | |
CVE-2017-9469 | 5.0 |
In Irssi before 1.0.3, when receiving certain incorrectly quoted DCC files, it tries to find the terminating quote one byte before the allocated memory. Thus, remote attackers might be able to cause a crash.
|
14-03-2019 - 19:07 | 07-06-2017 - 01:29 | |
CVE-2017-9468 | 5.0 |
In Irssi before 1.0.3, when receiving a DCC message without source nick/host, it attempts to dereference a NULL pointer. Thus, remote IRC servers can cause a crash.
|
14-03-2019 - 18:45 | 07-06-2017 - 01:29 | |
CVE-2017-9526 | 4.3 |
In Libgcrypt before 1.7.7, an attacker who learns the EdDSA session key (from side-channel observation during the signing process) can easily recover the long-term secret key. 1.7.7 makes a cipher/ecc-eddsa.c change to store this session key in secur
|
16-01-2019 - 19:29 | 11-06-2017 - 02:29 | |
CVE-2017-1000364 | 6.2 |
An issue was discovered in the size of the stack guard page on Linux, specifically a 4k stack guard page is not sufficiently large and can be "jumped" over (the stack guard page is bypassed), this affects Linux Kernel versions 4.11.5 and earlier (the
|
18-10-2018 - 10:29 | 19-06-2017 - 16:29 | |
CVE-2017-7764 | 5.0 |
Characters from the "Canadian Syllabics" unicode block can be mixed with characters from other unicode blocks in the addressbar instead of being rendered as their raw "punycode" form, allowing for domain name spoofing attacks through character confus
|
13-08-2018 - 19:37 | 11-06-2018 - 21:29 | |
CVE-2017-7778 | 7.5 |
A number of security vulnerabilities in the Graphite 2 library including out-of-bounds reads, buffer overflow reads and writes, and the use of uninitialized memory. These issues were addressed in Graphite 2 version 1.3.10. This vulnerability affects
|
13-08-2018 - 17:14 | 11-06-2018 - 21:29 | |
CVE-2017-7757 | 7.5 |
A use-after-free vulnerability in IndexedDB when one of its objects is destroyed in memory while a method on it is still being executed. This results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and
|
08-08-2018 - 14:45 | 11-06-2018 - 21:29 | |
CVE-2017-7756 | 7.5 |
A use-after-free and use-after-scope vulnerability when logging errors from headers for XML HTTP Requests (XHR). This could result in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2
|
08-08-2018 - 14:44 | 11-06-2018 - 21:29 | |
CVE-2017-7758 | 6.4 |
An out-of-bounds read vulnerability with the Opus encoder when the number of channels in an audio stream changes while the encoder is in use. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.
|
03-08-2018 - 14:39 | 11-06-2018 - 21:29 | |
CVE-2017-7754 | 5.0 |
An out-of-bounds read in WebGL with a maliciously crafted "ImageInfo" object during WebGL operations. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.
|
03-08-2018 - 14:31 | 11-06-2018 - 21:29 | |
CVE-2017-7752 | 6.8 |
A use-after-free vulnerability during specific user interactions with the input method editor (IME) in some languages due to how events are handled. This results in a potentially exploitable crash but would require specific user interaction to trigge
|
03-08-2018 - 14:31 | 11-06-2018 - 21:29 | |
CVE-2017-7751 | 7.5 |
A use-after-free vulnerability with content viewer listeners that results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.
|
03-08-2018 - 14:28 | 11-06-2018 - 21:29 | |
CVE-2017-5472 | 7.5 |
A use-after-free vulnerability with the frameloader during tree reconstruction while regenerating CSS layout when attempting to use a node in the tree that no longer exists. This results in a potentially exploitable crash. This vulnerability affects
|
03-08-2018 - 14:24 | 11-06-2018 - 21:29 | |
CVE-2017-7750 | 7.5 |
A use-after-free vulnerability during video control operations when a "<track>" element holds a reference to an older window if that window has been replaced in the DOM. This results in a potentially exploitable crash. This vulnerability affects Fire
|
03-08-2018 - 14:22 | 11-06-2018 - 21:29 | |
CVE-2017-7749 | 7.5 |
A use-after-free vulnerability when using an incorrect URL during the reloading of a docshell. This results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.
|
03-08-2018 - 14:18 | 11-06-2018 - 21:29 | |
CVE-2017-5470 | 7.5 |
Memory safety bugs were reported in Firefox 53 and Firefox ESR 52.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affect
|
03-08-2018 - 14:16 | 11-06-2018 - 21:29 | |
CVE-2017-7507 | 5.0 |
GnuTLS version 3.5.12 and earlier is vulnerable to a NULL pointer dereference while decoding a status response TLS extension with valid contents. This could lead to a crash of the GnuTLS server application.
|
05-01-2018 - 02:31 | 16-06-2017 - 19:29 | |
CVE-2017-9242 | 4.9 |
The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel through 4.11.3 is too late in checking whether an overwrite of an skb data structure may occur, which allows local users to cause a denial of service (system crash) via craft
|
05-01-2018 - 02:31 | 27-05-2017 - 01:29 | |
CVE-2003-0690 | 10.0 |
KDM in KDE 3.1.3 and earlier does not verify whether the pam_setcred function call succeeds, which may allow attackers to gain root privileges by triggering error conditions within PAM modules, as demonstrated in certain configurations of the MIT pam
|
11-10-2017 - 01:29 | 06-10-2003 - 04:00 | |
CVE-2003-0692 | 7.5 |
KDM in KDE 3.1.3 and earlier uses a weak session cookie generation algorithm that does not provide 128 bits of entropy, which allows attackers to guess session cookies via brute force methods and gain access to the user session.
|
11-10-2017 - 01:29 | 06-10-2003 - 04:00 | |
CVE-2017-5943 | 6.8 |
Request Tracker (RT) 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2 allows remote attackers to obtain sensitive information about cross-site request forgery (CSRF) verification tokens via a crafted URL.
|
07-07-2017 - 16:40 | 03-07-2017 - 16:29 | |
CVE-2016-6127 | 4.3 |
Cross-site scripting (XSS) vulnerability in Request Tracker (RT) 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2, when the AlwaysDownloadAttachments config setting is not in use, allows remote attackers to inject arbitrary web script o
|
07-07-2017 - 14:56 | 03-07-2017 - 16:29 |