- EPSS 3.03%
- Veröffentlicht 17.11.2017 20:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
hw/input/ps2.c in Qemu does not validate 'rptr' and 'count' values during guest migration, leading to out-of-bounds access.
CVE-2017-15102
- EPSS 0.39%
- Veröffentlicht 15.11.2017 21:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
The tower_probe function in drivers/usb/misc/legousbtower.c in the Linux kernel before 4.8.1 allows local users (who are physically proximate for inserting a crafted USB device) to gain privileges by leveraging a write-what-where condition that occur...
CVE-2017-15115
- EPSS 0.47%
- Veröffentlicht 15.11.2017 21:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
The sctp_do_peeloff function in net/sctp/socket.c in the Linux kernel before 4.14 does not check whether the intended netns is used in a peel-off action, which allows local users to cause a denial of service (use-after-free and system crash) or possi...
CVE-2017-16642
- EPSS 26.37%
- Veröffentlicht 07.11.2017 21:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
In PHP before 5.6.32, 7.x before 7.0.25, and 7.1.x before 7.1.11, an error in the date extension's timelib_meridian handling of 'front of' and 'back of' directives could be used by attackers able to supply date strings to leak information from the in...
CVE-2015-7529
- EPSS 0.44%
- Veröffentlicht 06.11.2017 17:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
sosreport in SoS 3.x allows local users to obtain sensitive information from sosreport files or gain privileges via a symlink attack on an archive file in a temporary directory, as demonstrated by sosreport-$hostname-$date.tar in /tmp/sosreport-$host...
CVE-2017-16548
- EPSS 5.16%
- Veröffentlicht 06.11.2017 05:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
The receive_xattr function in xattrs.c in rsync 3.1.2 and 3.1.3-development does not check for a trailing '\0' character in an xattr name, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) ...
CVE-2017-16546
- EPSS 2.2%
- Veröffentlicht 05.11.2017 22:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
The ReadWPGImage function in coders/wpg.c in ImageMagick 7.0.7-9 does not properly validate the colormap index in a WPG palette, which allows remote attackers to cause a denial of service (use of uninitialized data or invalid memory allocation) or po...
CVE-2017-16532
- EPSS 0.4%
- Veröffentlicht 04.11.2017 01:29:37
- Zuletzt bearbeitet 13.05.2026 00:24:29
The get_endpoints function in drivers/usb/misc/usbtest.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB devic...
CVE-2017-16533
- EPSS 0.38%
- Veröffentlicht 04.11.2017 01:29:37
- Zuletzt bearbeitet 13.05.2026 00:24:29
The usbhid_parse function in drivers/hid/usbhid/hid-core.c in the Linux kernel before 4.13.8 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device.
CVE-2017-16525
- EPSS 0.39%
- Veröffentlicht 04.11.2017 01:29:36
- Zuletzt bearbeitet 13.05.2026 00:24:29
The usb_serial_console_disconnect function in drivers/usb/serial/console.c in the Linux kernel before 4.13.8 allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via a crafted USB...