Total
9113 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-2904 | 2 Blender, Debian | 2 Blender, Debian Linux | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| An exploitable integer overflow exists in the RADIANCE loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.hdr' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset via the sequencer in order to trigger this vulnerability. | |||||
| CVE-2017-2903 | 2 Blender, Debian | 2 Blender, Debian Linux | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| An exploitable integer overflow exists in the DPX loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.cin' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset via the sequencer in order to trigger this vulnerability. | |||||
| CVE-2017-2902 | 2 Blender, Debian | 2 Blender, Debian Linux | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| An exploitable integer overflow exists in the DPX loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.cin' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset via the sequencer in order to trigger this vulnerability. | |||||
| CVE-2017-2901 | 2 Blender, Debian | 2 Blender, Debian Linux | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| An exploitable integer overflow exists in the IRIS loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.iris' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset via the sequencer in order to trigger this vulnerability. | |||||
| CVE-2017-2900 | 2 Blender, Debian | 2 Blender, Debian Linux | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| An exploitable integer overflow exists in the PNG loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.png' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset via the sequencer in order to trigger this vulnerability. | |||||
| CVE-2017-2899 | 2 Blender, Debian | 2 Blender, Debian Linux | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| An exploitable integer overflow exists in the TIFF loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.tif' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset via the sequencer in order to trigger this vulnerability. | |||||
| CVE-2017-2885 | 3 Debian, Gnome, Redhat | 8 Debian Linux, Libsoup, Enterprise Linux Desktop and 5 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An exploitable stack based buffer overflow vulnerability exists in the GNOME libsoup 2.58. A specially crafted HTTP request can cause a stack overflow resulting in remote code execution. An attacker can send a special HTTP request to the vulnerable server to trigger this vulnerability. | |||||
| CVE-2017-2839 | 2 Debian, Freerdp | 2 Debian Linux, Freerdp | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| An exploitable denial of service vulnerability exists within the handling of challenge packets in FreeRDP 2.0.0-beta1+android11. A specially crafted challenge packet can cause the program termination leading to a denial of service condition. An attacker can compromise the server or use man in the middle to trigger this vulnerability. | |||||
| CVE-2017-2838 | 2 Debian, Freerdp | 2 Debian Linux, Freerdp | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| An exploitable denial of service vulnerability exists within the handling of challenge packets in FreeRDP 2.0.0-beta1+android11. A specially crafted challenge packet can cause the program termination leading to a denial of service condition. An attacker can compromise the server or use man in the middle to trigger this vulnerability. | |||||
| CVE-2017-2837 | 2 Debian, Freerdp | 2 Debian Linux, Freerdp | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| An exploitable denial of service vulnerability exists within the handling of security data in FreeRDP 2.0.0-beta1+android11. A specially crafted challenge packet can cause the program termination leading to a denial of service condition. An attacker can compromise the server or use man in the middle to trigger this vulnerability. | |||||
| CVE-2017-2836 | 2 Debian, Freerdp | 2 Debian Linux, Freerdp | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| An exploitable denial of service vulnerability exists within the reading of proprietary server certificates in FreeRDP 2.0.0-beta1+android11. A specially crafted challenge packet can cause the program termination leading to a denial of service condition. An attacker can compromise the server or use man in the middle to trigger this vulnerability. | |||||
| CVE-2017-2835 | 2 Debian, Freerdp | 2 Debian Linux, Freerdp | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| An exploitable code execution vulnerability exists in the RDP receive functionality of FreeRDP 2.0.0-beta1+android11. A specially crafted server response can cause an out-of-bounds write resulting in an exploitable condition. An attacker can compromise the server or use a man in the middle to trigger this vulnerability. | |||||
| CVE-2017-2834 | 2 Debian, Freerdp | 2 Debian Linux, Freerdp | 2024-11-21 | 6.8 MEDIUM | 7.0 HIGH |
| An exploitable code execution vulnerability exists in the authentication functionality of FreeRDP 2.0.0-beta1+android11. A specially crafted server response can cause an out-of-bounds write resulting in an exploitable condition. An attacker can compromise the server or use a man in the middle attack to trigger this vulnerability. | |||||
| CVE-2017-2826 | 2 Debian, Zabbix | 2 Debian Linux, Zabbix | 2024-11-21 | 4.3 MEDIUM | 3.7 LOW |
| An information disclosure vulnerability exists in the iConfig proxy request of Zabbix server 2.4.X. A specially crafted iConfig proxy request can cause the Zabbix server to send the configuration information of any Zabbix proxy, resulting in information disclosure. An attacker can make requests from an active Zabbix proxy to trigger this vulnerability. | |||||
| CVE-2017-2825 | 2 Debian, Zabbix | 2 Debian Linux, Zabbix | 2024-11-21 | 6.8 MEDIUM | 7.0 HIGH |
| In the trapper functionality of Zabbix Server 2.4.x, specifically crafted trapper packets can pass database logic checks, resulting in database writes. An attacker can set up a Man-in-the-Middle server to alter trapper requests made between an active Zabbix proxy and Server to trigger this vulnerability. | |||||
| CVE-2017-2670 | 2 Debian, Redhat | 4 Debian Linux, Enterprise Linux, Jboss Enterprise Application Platform and 1 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| It was found in Undertow before 1.3.28 that with non-clean TCP close, the Websocket server gets into infinite loop on every IO thread, effectively causing DoS. | |||||
| CVE-2017-2669 | 2 Debian, Dovecot | 2 Debian Linux, Dovecot | 2024-11-21 | 5.0 MEDIUM | 3.7 LOW |
| Dovecot before version 2.2.29 is vulnerable to a denial of service. When 'dict' passdb and userdb were used for user authentication, the username sent by the IMAP/POP3 client was sent through var_expand() to perform %variable expansion. Sending specially crafted %variable fields could result in excessive memory usage causing the process to crash (and restart), or excessive CPU usage causing all authentications to hang. | |||||
| CVE-2017-2666 | 2 Debian, Redhat | 4 Debian Linux, Enterprise Linux, Jboss Enterprise Application Platform and 1 more | 2024-11-21 | 6.4 MEDIUM | 6.5 MEDIUM |
| It was discovered in Undertow that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other than their own. | |||||
| CVE-2017-2640 | 3 Debian, Pidgin, Redhat | 7 Debian Linux, Pidgin, Enterprise Linux Desktop and 4 more | 2024-11-21 | 7.5 HIGH | 7.5 HIGH |
| An out-of-bounds write flaw was found in the way Pidgin before 2.12.0 processed XML content. A malicious remote server could potentially use this flaw to crash Pidgin or execute arbitrary code in the context of the pidgin process. | |||||
| CVE-2017-2624 | 2 Debian, X.org | 2 Debian Linux, Xorg-server | 2024-11-21 | 1.9 LOW | 5.9 MEDIUM |
| It was found that xorg-x11-server before 1.19.0 including uses memcmp() to check the received MIT cookie against a series of valid cookies. If the cookie is correct, it is allowed to attach to the Xorg session. Since most memcmp() implementations return after an invalid byte is seen, this causes a time difference between a valid and invalid byte, which could allow an efficient brute force attack. | |||||