CVE-2017-8816
- EPSS 8.52%
- Veröffentlicht 29.11.2017 18:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
The NTLM authentication feature in curl and libcurl before 7.57.0 on 32-bit platforms allows attackers to cause a denial of service (integer overflow and resultant buffer overflow, and application crash) or possibly have unspecified other impact via ...
CVE-2017-8817
- EPSS 11.18%
- Veröffentlicht 29.11.2017 18:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
The FTP wildcard function in curl and libcurl before 7.57.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via a string that ends with an '[' character.
CVE-2017-14746
- EPSS 9.88%
- Veröffentlicht 27.11.2017 22:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
Use-after-free vulnerability in Samba 4.x before 4.7.3 allows remote attackers to execute arbitrary code via a crafted SMB1 request.
CVE-2017-15275
- EPSS 21.41%
- Veröffentlicht 27.11.2017 22:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
Samba before 4.7.3 might allow remote attackers to obtain sensitive information by leveraging failure of the server to clear allocated heap memory.
CVE-2017-14176
- EPSS 5.98%
- Veröffentlicht 27.11.2017 10:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
Bazaar through 2.7.0, when Subprocess SSH is used, allows remote attackers to execute arbitrary commands via a bzr+ssh URL with an initial dash character in the hostname, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-12976, CVE-2017-1622...
CVE-2017-8028
- EPSS 2.61%
- Veröffentlicht 27.11.2017 10:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
In Pivotal Spring-LDAP versions 1.3.0 - 2.3.1, when connected to some LDAP servers, when no additional attributes are bound, and when using LDAP BindAuthenticator with org.springframework.ldap.core.support.DefaultTlsDirContextAuthenticationStrategy a...
CVE-2017-16943
- EPSS 46.71%
- Veröffentlicht 25.11.2017 17:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via vectors involving BDAT commands.
CVE-2017-16944
- EPSS 63.32%
- Veröffentlicht 25.11.2017 17:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote attackers to cause a denial of service (infinite loop and stack exhaustion) via vectors involving BDAT commands and an improper check for a '.' character sig...
CVE-2017-16939
- EPSS 2.15%
- Veröffentlicht 24.11.2017 10:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
The XFRM dump policy implementation in net/xfrm/xfrm_user.c in the Linux kernel before 4.13.11 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted SO_RCVBUF setsockopt system call in conjunction with XFRM...
CVE-2017-16927
- EPSS 0.41%
- Veröffentlicht 23.11.2017 06:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
The scp_v0s_accept function in sesman/libscp/libscp_v0.c in the session manager in xrdp through 0.9.4 uses an untrusted integer as a write length, which allows local users to cause a denial of service (buffer overflow and application crash) or possib...