Total
12847 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-7555 | 2 Augeas, Redhat | 5 Augeas, Enterprise Linux, Rhel Aus and 2 more | 2024-11-21 | N/A |
| Augeas versions up to and including 1.8.0 are vulnerable to heap-based buffer overflow due to improper handling of escaped strings. Attacker could send crafted strings that would cause the application using augeas to copy past the end of a buffer, leading to a crash or possible code execution. | ||||
| CVE-2017-7541 | 2 Linux, Redhat | 4 Linux Kernel, Enterprise Linux, Enterprise Mrg and 1 more | 2024-11-21 | 7.8 High |
| The brcmf_cfg80211_mgmt_tx function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux kernel before 4.12.3 allows local users to cause a denial of service (buffer overflow and system crash) or possibly gain privileges via a crafted NL80211_CMD_FRAME Netlink packet. | ||||
| CVE-2017-7523 | 1 Cygwin | 1 Cygwin | 2024-11-21 | N/A |
| Cygwin versions 1.7.2 up to and including 1.8.0 are vulnerable to buffer overflow vulnerability in wcsxfrm/wcsxfrm_l functions resulting into denial-of-service by crashing the process or potential hijack of the process running with administrative privileges triggered by specially crafted input string. | ||||
| CVE-2017-7506 | 2 Redhat, Spice Project | 2 Enterprise Linux, Spice | 2024-11-21 | N/A |
| spice versions though 0.13 are vulnerable to out-of-bounds memory access when processing specially crafted messages from authenticated attacker to the spice server resulting into crash and/or server memory leak. | ||||
| CVE-2017-7477 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Rhel Extras Rt | 2024-11-21 | 7.0 High |
| Heap-based buffer overflow in drivers/net/macsec.c in the MACsec module in the Linux kernel through 4.10.12 allows attackers to cause a denial of service or possibly have unspecified other impact by leveraging the use of a MAX_SKB_FRAGS+1 size in conjunction with the NETIF_F_FRAGLIST feature, leading to an error in the skb_to_sgvec function. | ||||
| CVE-2017-7476 | 1 Gnulib | 1 Gnulib | 2024-11-21 | N/A |
| Gnulib before 2017-04-26 has a heap-based buffer overflow with the TZ environment variable. The error is in the save_abbr function in time_rz.c. | ||||
| CVE-2017-7467 | 1 Minicom Project | 1 Minicom | 2024-11-21 | N/A |
| A buffer overflow flaw was found in the way minicom before version 2.7.1 handled VT100 escape sequences. A malicious terminal device could potentially use this flaw to crash minicom, or execute arbitrary code in the context of the minicom process. | ||||
| CVE-2017-7441 | 1 Sophos | 1 Hitmanpro | 2024-11-21 | N/A |
| In Sophos SurfRight HitmanPro before 3.7.20 Build 286 (included in the HitmanPro.Alert solution and Sophos Clean), a crafted IOCTL with code 0x22E1C0 might lead to kernel data leaks. Because the leak occurs at the driver level, an attacker can use this vulnerability to leak some critical information about the machine such as nt!ExpPoolQuotaCookie. | ||||
| CVE-2017-7407 | 2 Haxx, Redhat | 2 Curl, Rhel Software Collections | 2024-11-21 | 2.4 Low |
| The ourWriteOut function in tool_writeout.c in curl 7.53.1 might allow physically proximate attackers to obtain sensitive information from process memory in opportunistic circumstances by reading a workstation screen during use of a --write-out argument ending in a '%' character, which leads to a heap-based buffer over-read. | ||||
| CVE-2017-7376 | 3 Debian, Google, Xmlsoft | 3 Debian Linux, Android, Libxml2 | 2024-11-21 | N/A |
| Buffer overflow in libxml2 allows remote attackers to execute arbitrary code by leveraging an incorrect limit for port values when handling redirects. | ||||
| CVE-2017-7372 | 1 Google | 1 Android | 2024-11-21 | N/A |
| In all Android releases from CAF using the Linux kernel, a race condition exists in a video driver potentially leading to buffer overflow or write to arbitrary pointer location. | ||||
| CVE-2017-7310 | 1 Flexense | 3 Diskboss, Disksorter, Syncbreeze | 2024-11-21 | N/A |
| A buffer overflow vulnerability in Import Command in SyncBreeze before 10.6, DiskSorter before 10.6, DiskBoss before 8.9, DiskPulse before 10.6, DiskSavvy before 10.6, DupScout before 10.6, and VX Search before 10.6 allows attackers to execute arbitrary code via a crafted XML file containing a long name attribute of a classify element. | ||||
| CVE-2017-7275 | 1 Imagemagick | 1 Imagemagick | 2024-11-21 | N/A |
| The ReadPCXImage function in coders/pcx.c in ImageMagick 7.0.4.9 allows remote attackers to cause a denial of service (attempted large memory allocation and application crash) via a crafted file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8862 and CVE-2016-8866. | ||||
| CVE-2017-7246 | 2 Pcre, Redhat | 2 Pcre, Jboss Core Services | 2024-11-21 | N/A |
| Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 268) or possibly have unspecified other impact via a crafted file. | ||||
| CVE-2017-7245 | 2 Pcre, Redhat | 2 Pcre, Jboss Core Services | 2024-11-21 | N/A |
| Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 4) or possibly have unspecified other impact via a crafted file. | ||||
| CVE-2017-7231 | 1 Pngdefry Project | 1 Pngdefry | 2024-11-21 | N/A |
| pngdefry through 2017-03-22 is prone to a heap-based buffer-overflow vulnerability because it fails to properly process a specially crafted png file. This issue affects the 'process()' function of the 'pngdefry.c' source file. | ||||
| CVE-2017-7230 | 1 Disksorter | 1 Disk Sorter | 2024-11-21 | N/A |
| A buffer overflow vulnerability in Disk Sorter Enterprise 9.5.12 and earlier allows remote attackers to execute arbitrary code via a GET request. | ||||
| CVE-2017-7227 | 1 Gnu | 1 Binutils | 2024-11-21 | N/A |
| GNU linker (ld) in GNU Binutils 2.28 is vulnerable to a heap-based buffer overflow while processing a bogus input script, leading to a program crash. This relates to lack of '\0' termination of a name field in ldlex.l. | ||||
| CVE-2017-7223 | 1 Gnu | 1 Binutils | 2024-11-21 | N/A |
| GNU assembler in GNU Binutils 2.28 is vulnerable to a global buffer overflow (of size 1) while attempting to unget an EOF character from the input stream, potentially leading to a program crash. | ||||
| CVE-2017-7219 | 1 Citrix | 2 Netscaler Gateway, Netscaler Gateway Firmware | 2024-11-21 | N/A |
| A heap overflow vulnerability in Citrix NetScaler Gateway versions 10.1 before 135.8/135.12, 10.5 before 65.11, 11.0 before 70.12, and 11.1 before 52.13 allows a remote authenticated attacker to run arbitrary commands via unspecified vectors. | ||||