CVE-2017-0902
- EPSS 4.75%
- Veröffentlicht 31.08.2017 20:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
RubyGems version 2.6.12 and earlier is vulnerable to a DNS hijacking vulnerability that allows a MITM attacker to force the RubyGems client to download and install gems from a server that the attacker controls.
CVE-2017-14064
- EPSS 9.45%
- Veröffentlicht 31.08.2017 17:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
Ruby through 2.2.7, 2.3.x through 2.3.4, and 2.4.x through 2.4.1 can expose arbitrary memory during a JSON.generate call. The issues lies in using strdup in ext/json/ext/generator/generator.c, which will stop after encountering a '\0' byte, returning...
CVE-2017-14062
- EPSS 3.97%
- Veröffentlicht 31.08.2017 16:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
Integer overflow in the decode_digit function in puny_decode.c in Libidn2 before 2.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact.
CVE-2017-14039
- EPSS 4.35%
- Veröffentlicht 30.08.2017 22:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
A heap-based buffer overflow was discovered in the opj_t2_encode_packet function in lib/openjp2/t2.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly unspecified other impact.
CVE-2017-14040
- EPSS 4.77%
- Veröffentlicht 30.08.2017 22:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
An invalid write access was discovered in bin/jp2/convert.c in OpenJPEG 2.2.0, triggering a crash in the tgatoimage function. The vulnerability may lead to remote denial of service or possibly unspecified other impact.
CVE-2017-14041
- EPSS 5.65%
- Veröffentlicht 30.08.2017 22:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
A stack-based buffer overflow was discovered in the pgxtoimage function in bin/jp2/convert.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution.
CVE-2017-13765
- EPSS 2.79%
- Veröffentlicht 30.08.2017 09:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
In Wireshark 2.4.0, 2.2.0 to 2.2.8, and 2.0.0 to 2.0.14, the IrCOMM dissector has a buffer over-read and application crash. This was addressed in plugins/irda/packet-ircomm.c by adding length validation.
CVE-2017-13768
- EPSS 2.07%
- Veröffentlicht 30.08.2017 09:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
Null Pointer Dereference in the IdentifyImage function in MagickCore/identify.c in ImageMagick through 7.0.6-10 allows an attacker to perform denial of service by sending a crafted image file.
CVE-2017-13769
- EPSS 1.4%
- Veröffentlicht 30.08.2017 09:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
The WriteTHUMBNAILImage function in coders/thumbnail.c in ImageMagick through 7.0.6-10 allows an attacker to cause a denial of service (buffer over-read) by sending a crafted JPEG file.
CVE-2017-13775
- EPSS 2.06%
- Veröffentlicht 30.08.2017 09:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
GraphicsMagick 1.3.26 has a denial of service issue in ReadJNXImage() in coders/jnx.c whereby large amounts of CPU and memory resources may be consumed although the file itself does not support the requests.