Search

Search Results (365359 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-11089 1 Google 1 Android 2025-04-20 N/A
In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a buffer overread is observed in nl80211_set_station when user space application sends attribute NL80211_ATTR_LOCAL_MESH_POWER_MODE with data of size less than 4 bytes
CVE-2017-11090 1 Google 1 Android 2025-04-20 N/A
In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a buffer overread is observed in __wlan_hdd_cfg80211_set_pmksa when user space application sends PMKID of size less than WLAN_PMKID_LEN bytes.
CVE-2017-11091 1 Google 1 Android 2025-04-20 N/A
In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the function mdss_rotator_ioctl in the driver /dev/mdss_rotator, a Use-After-Free condition can potentially occur due to a fence being installed too early.
CVE-2017-11092 1 Google 1 Android 2025-04-20 N/A
In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the KGSL driver function kgsl_ioctl_gpu_command, a Use After Free condition can potentially occur.
CVE-2017-11093 1 Google 1 Android 2025-04-20 N/A
In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, buffer Over-read in Display due to the lack of an upper-bound validation when reading "num_of_cea_blocks" from the untrusted source (EDID), kernel memory can be exposed.
CVE-2017-11096 1 Swftools 1 Swftools 2025-04-20 N/A
When SWFTools 0.9.2 processes a crafted file in swfcombine, it can lead to a NULL Pointer Dereference in the swf_DeleteFilter() function in lib/modules/swffilter.c.
CVE-2017-11097 1 Swftools 1 Swftools 2025-04-20 N/A
When SWFTools 0.9.2 processes a crafted file in swfc, it can lead to a NULL Pointer Dereference in the dict_lookup() function in lib/q.c.
CVE-2017-11098 1 Swftools 1 Swftools 2025-04-20 N/A
When SWFTools 0.9.2 processes a crafted file in png2swf, it can lead to a Segmentation Violation in the png_load() function in lib/png.c.
CVE-2017-11099 1 Swftools 1 Swftools 2025-04-20 N/A
When SWFTools 0.9.2 processes a crafted file in wav2swf, it can lead to a Segmentation Violation in the wav_convert2mono() function in lib/wav.c.
CVE-2017-1110 1 Ibm 1 Curam Social Program Management 2025-04-20 N/A
IBM Curam Social Program Management 6.0, 6.1, 6.2, and 7.0 contains an unspecified vulnerability that could allow an authenticated user to view the incidents of a higher privileged user. IBM X-Force ID: 120915.
CVE-2017-11100 1 Swftools 1 Swftools 2025-04-20 N/A
When SWFTools 0.9.2 processes a crafted file in swfextract, it can lead to a NULL Pointer Dereference in the swf_FoldSprite() function in lib/rxfswf.c.
CVE-2017-11101 1 Swftools 1 Swftools 2025-04-20 N/A
When SWFTools 0.9.2 processes a crafted file in swfcombine, it can lead to a NULL Pointer Dereference in the swf_Relocate() function in lib/modules/swftools.c.
CVE-2017-11102 1 Graphicsmagick 1 Graphicsmagick 2025-04-20 N/A
The ReadOneJNGImage function in coders/png.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (application crash) during JNG reading via a zero-length color_image data structure.
CVE-2017-11103 5 Apple, Debian, Freebsd and 2 more 6 Iphone Os, Mac Os X, Debian Linux and 3 more 2025-04-20 8.1 High
Heimdal before 7.4 allows remote attackers to impersonate services with Orpheus' Lyre attacks because it obtains service-principal names in a way that violates the Kerberos 5 protocol specification. In _krb5_extract_ticket() the KDC-REP service name must be obtained from the encrypted version stored in 'enc_part' instead of the unencrypted version stored in 'ticket'. Use of the unencrypted version provides an opportunity for successful server impersonation and other attacks. NOTE: this CVE is only for Heimdal and other products that embed Heimdal code; it does not apply to other instances in which this part of the Kerberos 5 protocol specification is violated.
CVE-2017-11104 2 Debian, Knot-dns 2 Debian Linux, Knot Dns 2025-04-20 5.9 Medium
Knot DNS before 2.4.5 and 2.5.x before 2.5.2 contains a flaw within the TSIG protocol implementation that would allow an attacker with a valid key name and algorithm to bypass TSIG authentication if no additional ACL restrictions are set, because of an improper TSIG validity period check.
CVE-2017-11105 1 Oneplus 2 Oneplus 2, Primary Bootloader 2025-04-20 N/A
The OnePlus 2 Primary Bootloader (PBL) does not validate the SBL1 partition before executing it, although it contains a certificate. This allows attackers with write access to that partition to disable signature validation.
CVE-2017-11107 2 Debian, Phpldapadmin Project 2 Debian Linux, Phpldapadmin 2025-04-20 6.1 Medium
phpLDAPadmin through 1.2.3 has XSS in htdocs/entry_chooser.php via the form, element, rdn, or container parameter.
CVE-2017-11108 2 Redhat, Tcpdump 2 Enterprise Linux, Tcpdump 2025-04-20 N/A
tcpdump 4.9.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via crafted packet data. The crash occurs in the EXTRACT_16BITS function, called from the stp_print function for the Spanning Tree Protocol.
CVE-2017-11109 1 Vim 1 Vim 2025-04-20 N/A
Vim 8.0 allows attackers to cause a denial of service (invalid free) or possibly have unspecified other impact via a crafted source (aka -S) file. NOTE: there might be a limited number of scenarios in which this has security relevance.
CVE-2017-11110 1 Fossies 1 Catdoc 2025-04-20 N/A
The ole_init function in ole.c in catdoc 0.95 allows remote attackers to cause a denial of service (heap-based buffer underflow and application crash) or possibly have unspecified other impact via a crafted file, i.e., data is written to memory addresses before the beginning of the tmpBuf buffer.