Search Results (23543 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-9775 3 Debian, Freedesktop, Redhat 9 Debian Linux, Poppler, Enterprise Linux and 6 more 2025-04-20 N/A
Stack buffer overflow in GfxState.cc in pdftocairo in Poppler before 0.56 allows remote attackers to cause a denial of service (application crash) via a crafted PDF document.
CVE-2017-5013 2 Google, Redhat 2 Chrome, Rhel Extras 2025-04-20 N/A
Google Chrome prior to 56.0.2924.76 for Linux incorrectly handled new tab page navigations in non-selected tabs, which allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
CVE-2017-14340 2 Linux, Redhat 2 Linux Kernel, Enterprise Mrg 2025-04-20 N/A
The XFS_IS_REALTIME_INODE macro in fs/xfs/xfs_linux.h in the Linux kernel before 4.13.2 does not verify that a filesystem has a realtime device, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via vectors related to setting an RHINHERIT flag on a directory.
CVE-2017-9047 2 Redhat, Xmlsoft 2 Jboss Core Services, Libxml2 2025-04-20 N/A
A buffer overflow was discovered in libxml2 20904-GITv2.9.4-16-g0741801. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer 'buf' of size 'size'. The variable len is assigned strlen(buf). If the content->type is XML_ELEMENT_CONTENT_ELEMENT, then (i) the content->prefix is appended to buf (if it actually fits) whereupon (ii) content->name is written to the buffer. However, the check for whether the content->name actually fits also uses 'len' rather than the updated buffer length strlen(buf). This allows us to write about "size" many bytes beyond the allocated memory. This vulnerability causes programs that use libxml2, such as PHP, to crash.
CVE-2017-15096 2 Gluster, Redhat 3 Glusterfs, Enterprise Linux, Storage 2025-04-20 N/A
A flaw was found in GlusterFS in versions prior to 3.10. A null pointer dereference in send_brick_req function in glusterfsd/src/gf_attach.c may be used to cause denial of service.
CVE-2017-7645 4 Canonical, Debian, Linux and 1 more 6 Ubuntu Linux, Debian Linux, Linux Kernel and 3 more 2025-04-20 7.5 High
The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel through 4.10.11 allows remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c.
CVE-2017-1000061 2 Redhat, Xmlsec Project 2 Enterprise Linux, Xmlsec 2025-04-20 N/A
xmlsec 1.2.23 and before is vulnerable to XML External Entity Expansion when parsing crafted input documents, resulting in possible information disclosure or denial of service
CVE-2017-9725 2 Google, Redhat 5 Android, Enterprise Linux, Enterprise Mrg and 2 more 2025-04-20 N/A
In all Qualcomm products with Android releases from CAF using the Linux kernel, during DMA allocation, due to wrong data type of size, allocation size gets truncated which makes allocation succeed when it should fail.
CVE-2016-7055 3 Nodejs, Openssl, Redhat 3 Node.js, Openssl, Jboss Core Services 2025-04-20 5.9 Medium
There is a carry propagating bug in the Broadwell-specific Montgomery multiplication procedure in OpenSSL 1.0.2 and 1.1.0 before 1.1.0c that handles input lengths divisible by, but longer than 256 bits. Analysis suggests that attacks against RSA, DSA and DH private keys are impossible. This is because the subroutine in question is not used in operations with the private key itself and an input of the attacker's direct choice. Otherwise the bug can manifest itself as transient authentication and key negotiation failures or reproducible erroneous outcome of public-key operations with specially crafted input. Among EC algorithms only Brainpool P-512 curves are affected and one presumably can attack ECDH key negotiation. Impact was not analyzed in detail, because pre-requisites for attack are considered unlikely. Namely multiple clients have to choose the curve in question and the server has to share the private key among them, neither of which is default behaviour. Even then only clients that chose the curve will be affected.
CVE-2017-1000201 2 Redhat, Tcmu-runner Project 2 Storage, Tcmu-runner 2025-04-20 N/A
The tcmu-runner daemon in tcmu-runner version 1.0.5 to 1.2.0 is vulnerable to a local denial of service attack
CVE-2017-13007 2 Redhat, Tcpdump 2 Enterprise Linux, Tcpdump 2025-04-20 N/A
The Apple PKTAP parser in tcpdump before 4.9.2 has a buffer over-read in print-pktap.c:pktap_if_print().
CVE-2017-8932 5 Fedoraproject, Golang, Novell and 2 more 5 Fedora, Go, Suse Package Hub For Suse Linux Enterprise and 2 more 2025-04-20 N/A
A bug in the standard library ScalarMult implementation of curve P-256 for amd64 architectures in Go before 1.7.6 and 1.8.x before 1.8.2 causes incorrect results to be generated for specific input points. An adaptive attack can be mounted to progressively extract the scalar input to ScalarMult by submitting crafted points and observing failures to the derive correct output. This leads to a full key recovery attack against static ECDH, as used in popular JWT libraries.
CVE-2017-15265 2 Linux, Redhat 7 Linux Kernel, Enterprise Linux, Enterprise Mrg and 4 more 2025-04-20 7.0 High
Race condition in the ALSA subsystem in the Linux kernel before 4.13.8 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted /dev/snd/seq ioctl calls, related to sound/core/seq/seq_clientmgr.c and sound/core/seq/seq_ports.c.
CVE-2017-7395 2 Redhat, Tigervnc 2 Enterprise Linux, Tigervnc 2025-04-20 N/A
In TigerVNC 1.7.1 (SMsgReader.cxx SMsgReader::readClientCutText), by causing an integer overflow, an authenticated client can crash the server.
CVE-2017-5116 6 Apple, Debian, Google and 3 more 10 Macos, Debian Linux, Android and 7 more 2025-04-20 8.8 High
Type confusion in V8 in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
CVE-2017-13743 2 Liblouis, Redhat 2 Liblouis, Enterprise Linux 2025-04-20 N/A
There is a buffer overflow in Liblouis 3.2.0, triggered in the function _lou_showString() in utils.c, that will lead to a remote denial of service attack.
CVE-2017-5109 6 Apple, Debian, Google and 3 more 9 Macos, Debian Linux, Chrome and 6 more 2025-04-20 4.3 Medium
Inappropriate implementation of unload handler handling in permission prompts in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to display UI on a non attacker controlled tab via a crafted HTML page.
CVE-2016-5824 3 Canonical, Libical Project, Redhat 9 Ubuntu Linux, Libical, Enterprise Linux and 6 more 2025-04-20 N/A
libical 1.0 allows remote attackers to cause a denial of service (use-after-free) via a crafted ics file.
CVE-2017-9287 5 Debian, Mcafee, Openldap and 2 more 11 Debian Linux, Policy Auditor, Openldap and 8 more 2025-04-20 6.5 Medium
servers/slapd/back-mdb/search.c in OpenLDAP through 2.4.44 is prone to a double free vulnerability. A user with access to search the directory can crash slapd by issuing a search including the Paged Results control with a page size of 0.
CVE-2017-5101 6 Apple, Debian, Google and 3 more 9 Macos, Debian Linux, Chrome and 6 more 2025-04-20 6.5 Medium
Inappropriate implementation in Omnibox in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to spoof the contents of the Omnibox via a crafted HTML page.