Total
1910 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-15411 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
Use after free in PDFium in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. | |||||
CVE-2017-15410 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
Use after free in PDFium in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. | |||||
CVE-2017-15409 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
Heap buffer overflow in Skia in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
CVE-2017-15408 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
Heap buffer overflow in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file that is mishandled by PDFium. | |||||
CVE-2017-15407 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
Out-of-bounds Write in the QUIC networking stack in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to gain code execution via a malicious server. | |||||
CVE-2017-15399 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more | 2024-11-21 | 9.3 HIGH | 8.8 HIGH |
A use after free in V8 in Google Chrome prior to 62.0.3202.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
CVE-2017-15398 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
A stack buffer overflow in the QUIC networking stack in Google Chrome prior to 62.0.3202.89 allowed a remote attacker to gain code execution via a malicious server. | |||||
CVE-2017-15396 | 4 Debian, Google, Icu-project and 1 more | 6 Debian Linux, Chrome, International Components For Unicode and 3 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
A stack buffer overflow in NumberingSystem in International Components for Unicode (ICU) for C/C++ before 60.2, as used in V8 in Google Chrome prior to 62.0.3202.75 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
CVE-2017-15275 | 4 Canonical, Debian, Redhat and 1 more | 6 Ubuntu Linux, Debian Linux, Enterprise Linux Desktop and 3 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Samba before 4.7.3 might allow remote attackers to obtain sensitive information by leveraging failure of the server to clear allocated heap memory. | |||||
CVE-2017-15134 | 2 Fedoraproject, Redhat | 5 389 Directory Server, Enterprise Linux, Enterprise Linux Desktop and 2 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
A stack buffer overflow flaw was found in the way 389-ds-base 1.3.6.x before 1.3.6.13, 1.3.7.x before 1.3.7.9, 1.4.x before 1.4.0.5 handled certain LDAP search filters. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus resulting in denial of service. | |||||
CVE-2017-15129 | 4 Canonical, Fedoraproject, Linux and 1 more | 20 Ubuntu Linux, Fedora, Linux Kernel and 17 more | 2024-11-21 | 4.9 MEDIUM | 4.7 MEDIUM |
A use-after-free vulnerability was found in network namespaces code affecting the Linux kernel before 4.14.11. The function get_net_ns_by_id() in net/core/net_namespace.c does not check for the net::count value after it has found a peer network in netns_ids idr, which could lead to double free and memory corruption. This vulnerability could allow an unprivileged local user to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although it is thought to be unlikely. | |||||
CVE-2017-15121 | 1 Redhat | 7 Enterprise Linux, Enterprise Linux Desktop, Enterprise Linux Server and 4 more | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
A non-privileged user is able to mount a fuse filesystem on RHEL 6 or 7 and crash a system if an application punches a hole in a file that does not end aligned to a page boundary. | |||||
CVE-2017-15101 | 2 Liblouis, Redhat | 6 Liblouis, Enterprise Linux Desktop, Enterprise Linux Server and 3 more | 2024-11-21 | 7.5 HIGH | 7.8 HIGH |
A missing patch for a stack-based buffer overflow in findTable() was found in Red Hat version of liblouis before 2.5.4. An attacker could cause a denial of service condition or potentially even arbitrary code execution. | |||||
CVE-2017-15097 | 1 Redhat | 5 Enterprise Linux Desktop, Enterprise Linux Server, Enterprise Linux Server Aus and 2 more | 2024-11-21 | 7.2 HIGH | 6.5 MEDIUM |
Privilege escalation flaws were found in the Red Hat initialization scripts of PostgreSQL. An attacker with access to the postgres user account could use these flaws to obtain root access on the server machine. | |||||
CVE-2017-15041 | 3 Debian, Golang, Redhat | 7 Debian Linux, Go, Developer Tools and 4 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Go before 1.8.4 and 1.9.x before 1.9.1 allows "go get" remote command execution. Using custom domains, it is possible to arrange things so that example.com/pkg1 points to a Subversion repository but example.com/pkg1/pkg2 points to a Git repository. If the Subversion repository includes a Git checkout in its pkg2 directory and some other work is done to ensure the proper ordering of operations, "go get" can be tricked into reusing this Git checkout for the fetch of code from pkg2. If the Subversion repository's Git checkout has malicious commands in .git/hooks/, they will execute on the system running "go get." | |||||
CVE-2017-14746 | 4 Canonical, Debian, Redhat and 1 more | 6 Ubuntu Linux, Debian Linux, Enterprise Linux Desktop and 3 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Use-after-free vulnerability in Samba 4.x before 4.7.3 allows remote attackers to execute arbitrary code via a crafted SMB1 request. | |||||
CVE-2017-14496 | 6 Canonical, Debian, Google and 3 more | 8 Ubuntu Linux, Debian Linux, Android and 5 more | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
Integer underflow in the add_pseudoheader function in dnsmasq before 2.78 , when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service via a crafted DNS request. | |||||
CVE-2017-14495 | 5 Canonical, Debian, Novell and 2 more | 7 Ubuntu Linux, Debian Linux, Leap and 4 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Memory leak in dnsmasq before 2.78, when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service (memory consumption) via vectors involving DNS response creation. | |||||
CVE-2017-14494 | 5 Canonical, Debian, Novell and 2 more | 7 Ubuntu Linux, Debian Linux, Leap and 4 more | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
dnsmasq before 2.78, when configured as a relay, allows remote attackers to obtain sensitive memory information via vectors involving handling DHCPv6 forwarded requests. | |||||
CVE-2017-14493 | 5 Canonical, Debian, Opensuse and 2 more | 7 Ubuntu Linux, Debian Linux, Leap and 4 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Stack-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DHCPv6 request. |