CVE-2017-14632
- EPSS 5.71%
- Veröffentlicht 21.09.2017 07:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
Xiph.Org libvorbis 1.3.5 allows Remote Code Execution upon freeing uninitialized memory in the function vorbis_analysis_headerout() in info.c when vi->channels<=0, a similar issue to Mozilla bug 550184.
CVE-2017-14633
- EPSS 1.92%
- Veröffentlicht 21.09.2017 07:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
In Xiph.Org libvorbis 1.3.5, an out-of-bounds array read vulnerability exists in the function mapping0_forward() in mapping0.c, which may lead to DoS when operating on a crafted audio file with vorbis_analysis().
CVE-2017-14634
- EPSS 2.08%
- Veröffentlicht 21.09.2017 07:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
In libsndfile 1.0.28, a divide-by-zero error exists in the function double64_init() in double64.c, which may lead to DoS when playing a crafted audio file.
CVE-2015-2927
- EPSS 4.98%
- Veröffentlicht 20.09.2017 18:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
node 0.3.2 and URONode before 1.0.5r3 allows remote attackers to cause a denial of service (bandwidth consumption).
CVE-2015-5395
- EPSS 0.9%
- Veröffentlicht 20.09.2017 18:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
Cross-site request forgery (CSRF) vulnerability in SOGo before 3.1.0.
CVE-2017-14607
- EPSS 2.33%
- Veröffentlicht 20.09.2017 17:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
In ImageMagick 7.0.7-4 Q16, an out of bounds read flaw related to ReadTIFFImage has been reported in coders/tiff.c. An attacker could possibly exploit this flaw to disclose potentially sensitive memory or cause an application crash.
CVE-2017-14604
- EPSS 2.47%
- Veröffentlicht 20.09.2017 08:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
GNOME Nautilus before 3.23.90 allows attackers to spoof a file type by using the .desktop file extension, as demonstrated by an attack in which a .desktop file's Name field ends in .pdf but this file's Exec field launches a malicious "sh -c" command....
CVE-2015-1854
- EPSS 2.14%
- Veröffentlicht 19.09.2017 15:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
389 Directory Server before 1.3.3.10 allows attackers to bypass intended access restrictions and modify directory entries via a crafted ldapmodrdn call.
CVE-2017-9798
- EPSS 95%
- Veröffentlicht 18.09.2017 15:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. This affects the Apache HTTP Server through 2...
CVE-2017-14528
- EPSS 2.62%
- Veröffentlicht 18.09.2017 00:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
The TIFFSetProfiles function in coders/tiff.c in ImageMagick 7.0.6 has incorrect expectations about whether LibTIFF TIFFGetField return values imply that data validation has occurred, which allows remote attackers to cause a denial of service (use-af...