CVE-2017-9929
- EPSS 1.05%
- Veröffentlicht 26.06.2017 07:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
In lrzip 0.631, a stack buffer overflow was found in the function get_fileinfo in lrzip.c:1074, which allows attackers to cause a denial of service via a crafted file.
CVE-2017-9868
- EPSS 0.36%
- Veröffentlicht 25.06.2017 14:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
In Mosquitto through 1.4.12, mosquitto.db (aka the persistence file) is world readable, which allows local users to obtain sensitive MQTT topic information.
CVE-2017-9865
- EPSS 1.68%
- Veröffentlicht 25.06.2017 13:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
The function GfxImageColorMap::getGray in GfxState.cc in Poppler 0.54.0 allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted PDF document, related to missing color-map validation in I...
CVE-2017-9775
- EPSS 4.34%
- Veröffentlicht 22.06.2017 21:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
Stack buffer overflow in GfxState.cc in pdftocairo in Poppler before 0.56 allows remote attackers to cause a denial of service (application crash) via a crafted PDF document.
CVE-2017-9776
- EPSS 2%
- Veröffentlicht 22.06.2017 21:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
Integer overflow leading to Heap buffer overflow in JBIG2Stream.cc in pdftocairo in Poppler before 0.56 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document.
CVE-2017-9780
- EPSS 0.36%
- Veröffentlicht 21.06.2017 15:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
In Flatpak before 0.8.7, a third-party app repository could include malicious apps that contain files with inappropriate permissions, for example setuid or world-writable. The files are deployed with those permissions, which would let a local attacke...
CVE-2017-9766
- EPSS 3.82%
- Veröffentlicht 21.06.2017 07:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
In Wireshark 2.2.7, PROFINET IO data with a high recursion depth allows remote attackers to cause a denial of service (stack exhaustion) in the dissect_IODWriteReq function in plugins/profinet/packet-dcerpc-pn-io.c.
CVE-2017-3167
- EPSS 20.23%
- Veröffentlicht 20.06.2017 01:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed.
CVE-2017-7668
- EPSS 57.47%
- Veröffentlicht 20.06.2017 01:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows ap_find_token() to search past the end of its input string. By maliciously crafting a sequence of request headers, an attacke...
CVE-2017-1000366
- EPSS 2.73%
- Veröffentlicht 19.06.2017 16:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made t...