CVE-2017-2888
- EPSS 3.07%
- Veröffentlicht 11.10.2017 18:29:05
- Zuletzt bearbeitet 13.05.2026 00:24:29
An exploitable integer overflow vulnerability exists when creating a new RGB Surface in SDL 2.0.5. A specially crafted file can cause an integer overflow resulting in too little memory being allocated which can lead to a buffer overflow and potential...
CVE-2017-2887
- EPSS 2.66%
- Veröffentlicht 11.10.2017 18:29:04
- Zuletzt bearbeitet 13.05.2026 00:24:29
An exploitable buffer overflow vulnerability exists in the XCF property handling functionality of SDL_image 2.0.1. A specially crafted xcf file can cause a stack-based buffer overflow resulting in potential code execution. An attacker can provide a s...
CVE-2017-0903
- EPSS 15.85%
- Veröffentlicht 11.10.2017 18:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
RubyGems versions between 2.0.0 and 2.6.13 are vulnerable to a possible remote code execution vulnerability. YAML deserialization of gem specifications can bypass class white lists. Specially crafted serialized objects can possibly be used to escalat...
CVE-2017-15238
- EPSS 1.75%
- Veröffentlicht 11.10.2017 03:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
ReadOneJNGImage in coders/png.c in GraphicsMagick 1.3.26 has a use-after-free issue when the height or width is zero, related to ReadJNGImage.
CVE-2017-15191
- EPSS 2.7%
- Veröffentlicht 10.10.2017 21:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
In Wireshark 2.4.0 to 2.4.1, 2.2.0 to 2.2.9, and 2.0.0 to 2.0.15, the DMP dissector could crash. This was addressed in epan/dissectors/packet-dmp.c by validating a string length.
CVE-2017-5637
- EPSS 73.65%
- Veröffentlicht 10.10.2017 01:30:22
- Zuletzt bearbeitet 13.05.2026 00:24:29
Two four letter word commands "wchp/wchc" are CPU intensive and could cause spike of CPU utilization on Apache ZooKeeper server if abused, which leads to the server unable to serve legitimate client requests. Apache ZooKeeper thru version 3.4.9 and 3...
CVE-2017-13721
- EPSS 0.36%
- Veröffentlicht 10.10.2017 01:30:21
- Zuletzt bearbeitet 13.05.2026 00:24:29
In X.Org Server (aka xserver and xorg-server) before 1.19.4, an attacker authenticated to an X server with the X shared memory extension enabled can cause aborts of the X server or replace shared memory segments of other X clients in the same session...
CVE-2017-13723
- EPSS 0.44%
- Veröffentlicht 10.10.2017 01:30:21
- Zuletzt bearbeitet 13.05.2026 00:24:29
In X.Org Server (aka xserver and xorg-server) before 1.19.4, a local attacker authenticated to the X server could overflow a global buffer, causing crashes of the X server or potentially other problems by injecting large or malformed XKB related atom...
CVE-2017-15041
- EPSS 8.94%
- Veröffentlicht 05.10.2017 21:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
Go before 1.8.4 and 1.9.x before 1.9.1 allows "go get" remote command execution. Using custom domains, it is possible to arrange things so that example.com/pkg1 points to a Subversion repository but example.com/pkg1/pkg2 points to a Git repository. I...
CVE-2017-1000111
- EPSS 0.37%
- Veröffentlicht 05.10.2017 01:29:04
- Zuletzt bearbeitet 13.05.2026 00:24:29
Linux kernel: heap out-of-bounds in AF_PACKET sockets. This new issue is analogous to previously disclosed CVE-2016-8655. In both cases, a socket option that changes socket state may race with safety checks in packet_set_ring. Previously with PACKET_...