Total
2816 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-15422 | 5 Canonical, Debian, Google and 2 more | 7 Ubuntu Linux, Debian Linux, Chrome and 4 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Integer overflow in international date handling in International Components for Unicode (ICU) for C/C++ before 60.1, as used in V8 in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. | |||||
| CVE-2017-15344 | 1 Huawei | 4 Ar120-s Firmware, Ar1200 Firmware, Ar3200 and 1 more | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| Huawei AR3200 with software V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30 has an integer overflow vulnerability. The software does not sufficiently validate certain field in SCTP messages, a remote unauthenticated attacker could send a crafted SCTP message to the device. Successful exploit could cause system reboot. | |||||
| CVE-2017-15343 | 1 Huawei | 4 Ar120-s Firmware, Ar1200 Firmware, Ar3200 and 1 more | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| Huawei AR3200 with software V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30 has an integer overflow vulnerability. The software does not sufficiently validate certain field in SCTP messages, a remote unauthenticated attacker could send a crafted SCTP message to the device. Successful exploit could system reboot. | |||||
| CVE-2017-15325 | 1 Huawei | 10 Prague-al00a, Prague-al00a Firmware, Prague-al00b and 7 more | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
| The Bdat driver of Prague smart phones with software versions earlier than Prague-AL00AC00B211, versions earlier than Prague-AL00BC00B211, versions earlier than Prague-AL00CC00B211, versions earlier than Prague-TL00AC01B211, versions earlier than Prague-TL10AC01B211 has integer overflow vulnerability due to the lack of parameter validation. An attacker tricks a user into installing a malicious APP and execute it as a specific privilege; the APP can then send a specific parameter to the driver of the smart phone, causing arbitrary code execution. | |||||
| CVE-2017-14887 | 1 Google | 1 Android | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the processing of messages of type eWNI_SME_MODIFY_ADDITIONAL_IES, an integer overflow leading to heap buffer overflow may potentially occur. | |||||
| CVE-2017-14441 | 2 Debian, Libsdl | 2 Debian Linux, Sdl Image | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An exploitable code execution vulnerability exists in the ICO image rendering functionality of SDL2_image-2.0.2. A specially crafted ICO image can cause an integer overflow, cascading to a heap overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability. | |||||
| CVE-2017-13182 | 1 Google | 1 Android | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| In the sendFormatChange function of ACodec, there is a possible integer overflow which could lead to an out-of-bounds write. This could lead to a local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-67737022. | |||||
| CVE-2017-12470 | 1 Ccn-lite | 1 Ccn-lite | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Integer overflow in the ndn_parse_sequence function in CCN-lite before 2.00 allows context-dependent attackers to have unspecified impact via vectors involving the typ and vallen variables. | |||||
| CVE-2017-12465 | 1 Ccn-lite | 1 Ccn-lite | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple integer overflows in CCN-lite before 2.00 allow context-dependent attackers to have unspecified impact via vectors involving the (1) vallen variable in the iottlv_parse_sequence function or (2) typ, vallen and i variables in the localrpc_parse function. | |||||
| CVE-2017-12109 | 1 Libxls Project | 1 Libxls | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An exploitable integer overflow vulnerability exists in the xls_preparseWorkSheet function of libxls 1.4 when handling a MULRK record. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to trigger this vulnerability. | |||||
| CVE-2017-12108 | 1 Libxls Project | 1 Libxls | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An exploitable integer overflow vulnerability exists in the xls_preparseWorkSheet function of libxls 1.4 when handling a MULBLANK record. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to trigger this vulnerability. | |||||
| CVE-2017-12105 | 2 Blender, Debian | 2 Blender, Debian Linux | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| An exploitable integer overflow exists in the way that the Blender open-source 3d creation suite v2.78c applies a particular object modifier to a Mesh. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open the file or use the file as a library in order to trigger this vulnerability. | |||||
| CVE-2017-12104 | 2 Blender, Debian | 2 Blender, Debian Linux | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| An exploitable integer overflow exists in the way that the Blender open-source 3d creation suite v2.78c draws a Particle object. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open the file or use the file as a library in order to trigger this vulnerability. | |||||
| CVE-2017-12103 | 2 Blender, Debian | 2 Blender, Debian Linux | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| An exploitable integer overflow exists in the way that the Blender open-source 3d creation suite v2.78c converts text rendered as a font into a curve. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open the file or use the file as a library in order to trigger this vulnerability. | |||||
| CVE-2017-12102 | 2 Blender, Debian | 2 Blender, Debian Linux | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| An exploitable integer overflow exists in the way that the Blender open-source 3d creation suite v2.78c converts curves to polygons. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open the file or use the file as a library in order to trigger this vulnerability. | |||||
| CVE-2017-12101 | 2 Blender, Debian | 2 Blender, Debian Linux | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| An exploitable integer overflow exists in the 'modifier_mdef_compact_influences' functionality of the Blender open-source 3d creation suite v2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open a .blend file in order to trigger this vulnerability. | |||||
| CVE-2017-12100 | 2 Blender, Debian | 2 Blender, Debian Linux | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| An exploitable integer overflow exists in the 'multires_load_old_dm' functionality of the Blender open-source 3d creation suite v2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open a .blend file in order to trigger this vulnerability. | |||||
| CVE-2017-12099 | 2 Blender, Debian | 2 Blender, Debian Linux | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| An exploitable integer overflow exists in the upgrade of the legacy Mesh attribute 'tface' of the Blender open-source 3d creation suite v2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open the file or use it as a library in order to trigger this vulnerability. | |||||
| CVE-2017-12086 | 2 Blender, Debian | 2 Blender, Debian Linux | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| An exploitable integer overflow exists in the 'BKE_mesh_calc_normals_tessface' functionality of the Blender open-source 3d creation suite. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open a .blend file in order to trigger this vulnerability. | |||||
| CVE-2017-12082 | 2 Blender, Debian | 2 Blender, Debian Linux | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| An exploitable integer overflow exists in the 'CustomData' Mesh loading functionality of the Blender open-source 3d creation suite. A .blend file with a specially crafted external data file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to edit an object within a .blend library in their Scene in order to trigger this vulnerability. | |||||