Security Vulnerabilities, CVEs, Published In May 2017 CVSS score >= 7
libyara/re.c in the regexp module in YARA 3.5.0 allows remote attackers to cause a denial of service (stack consumption) via a crafted rule that is mishandled in the _yr_re_emit function.
Max CVSS
7.5
EPSS Score
0.21%
Published
2017-05-31
Updated
2019-10-03
plugins\audio_filter\libmpgatofixed32_plugin.dll in VideoLAN VLC media player 2.2.4 allows remote attackers to cause a denial of service (invalid read and application crash) or possibly have unspecified other impact via a crafted file.
Max CVSS
7.8
EPSS Score
0.47%
Published
2017-05-29
Updated
2017-06-06
plugins\codec\libflac_plugin.dll in VideoLAN VLC media player 2.2.4 allows remote attackers to cause a denial of service (heap corruption and application crash) or possibly have unspecified other impact via a crafted FLAC file.
Max CVSS
7.8
EPSS Score
0.82%
Published
2017-05-29
Updated
2017-11-23
RMI vulnerability in Hitachi Device Manager before 8.5.2-01 allows remote attackers to execute internal commands without authentication via RMI ports.
Max CVSS
9.8
EPSS Score
0.44%
Published
2017-05-29
Updated
2019-10-03
In Open vSwitch (OvS) v2.7.0, there is a buffer over-read while parsing the group mod OpenFlow message sent from the controller in `lib/ofp-util.c` in the function `ofputil_pull_ofp15_group_mod`.
Max CVSS
9.8
EPSS Score
1.85%
Published
2017-05-29
Updated
2019-10-03
In lib/conntrack.c in the firewall implementation in Open vSwitch (OvS) 2.6.1, there is a buffer over-read while parsing malformed TCP, UDP, and IPv6 packets in the functions `extract_l3_ipv6`, `extract_l4_tcp`, and `extract_l4_udp` that can be triggered remotely.
Max CVSS
9.8
EPSS Score
0.43%
Published
2017-05-29
Updated
2019-10-03
The lexer_process_char_literal function in jerry-core/parser/js/js-lexer.c in JerryScript 1.0 does not skip memory allocation for empty strings, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via malformed JavaScript source code, related to the jmem_heap_free_block function.
Max CVSS
7.5
EPSS Score
0.45%
Published
2017-05-28
Updated
2020-10-28
CVE-2017-9232
Public exploit
Juju before 1.25.12, 2.0.x before 2.0.4, and 2.1.x before 2.1.3 uses a UNIX domain socket without setting appropriate permissions, allowing privilege escalation by users on the system to root.
Max CVSS
10.0
EPSS Score
24.38%
Published
2017-05-28
Updated
2019-10-03
The Bitcoin Proof-of-Work algorithm does not consider a certain attack methodology related to 80-byte block headers with a variety of initial 64-byte chunks followed by the same 16-byte chunk, multiple candidate root values ending with the same 4 bytes, and calculations involving sqrt numbers. This violates the security assumptions of (1) the choice of input, outside of the dedicated nonce area, fed into the Proof-of-Work function should not change its difficulty to evaluate and (2) every Proof-of-Work function execution should be independent. NOTE: a number of persons feel that this methodology is a benign mining optimization, not a vulnerability
Max CVSS
7.5
EPSS Score
0.53%
Published
2017-05-24
Updated
2024-03-21
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A SIGSEGV occurs in left_adjust_char_head() during regular expression compilation. Invalid handling of reg->dmax in forward_search_range() could result in an invalid pointer dereference, normally as an immediate denial-of-service condition.
Max CVSS
7.5
EPSS Score
0.26%
Published
2017-05-24
Updated
2022-09-01
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write occurs in bitset_set_range() during regular expression compilation due to an uninitialized variable from an incorrect state transition. An incorrect state transition in parse_char_class() could create an execution path that leaves a critical local variable uninitialized until it's used as an index, resulting in an out-of-bounds write memory corruption.
Max CVSS
9.8
EPSS Score
0.81%
Published
2017-05-24
Updated
2022-07-20
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in mbc_enc_len() during regular expression searching. Invalid handling of reg->dmin in forward_search_range() could result in an invalid pointer dereference, as an out-of-bounds read from a stack buffer.
Max CVSS
9.8
EPSS Score
0.34%
Published
2017-05-24
Updated
2022-07-20
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write or read occurs in next_state_val() during regular expression compilation. Octal numbers larger than 0xff are not handled correctly in fetch_token() and fetch_token_in_cc(). A malformed regular expression containing an octal number in the form of '\700' would produce an invalid code point value larger than 0xff in next_state_val(), resulting in an out-of-bounds write memory corruption.
Max CVSS
9.8
EPSS Score
0.52%
Published
2017-05-24
Updated
2022-07-20
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds write in onigenc_unicode_get_case_fold_codes_by_str() occurs during regular expression compilation. Code point 0xFFFFFFFF is not properly handled in unicode_unfold_key(). A malformed regular expression could result in 4 bytes being written off the end of a stack buffer of expand_case_fold_string() during the call to onigenc_unicode_get_case_fold_codes_by_str(), a typical stack buffer overflow.
Max CVSS
9.8
EPSS Score
0.17%
Published
2017-05-24
Updated
2017-06-02
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in match_at() during regular expression searching. A logical error involving order of validation and access in match_at() could result in an out-of-bounds read from a stack buffer.
Max CVSS
9.8
EPSS Score
0.42%
Published
2017-05-24
Updated
2022-07-20
systemd-resolved through 233 allows remote attackers to cause a denial of service (daemon crash) via a crafted DNS response with an empty question section.
Max CVSS
7.5
EPSS Score
0.71%
Published
2017-05-24
Updated
2022-01-31
In Open vSwitch (OvS) 2.7.0, while parsing an OFPT_QUEUE_GET_CONFIG_REPLY type OFP 1.0 message, there is a buffer over-read that is caused by an unsigned integer underflow in the function `ofputil_pull_queue_get_config_reply10` in `lib/ofp-util.c`.
Max CVSS
9.8
EPSS Score
0.95%
Published
2017-05-23
Updated
2021-08-04
The Bluetooth stack on the BMW 330i 2011 allows a remote crash of the CD/Multimedia software via %x or %c format string specifiers in a device name.
Max CVSS
7.8
EPSS Score
0.08%
Published
2017-05-23
Updated
2019-10-03
libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in input-tga.c:528:63.
Max CVSS
9.8
EPSS Score
0.20%
Published
2017-05-23
Updated
2017-05-28
libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in input-tga.c:192:19.
Max CVSS
9.8
EPSS Score
0.20%
Published
2017-05-23
Updated
2017-05-28
libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in input-tga.c:508:18.
Max CVSS
9.8
EPSS Score
0.20%
Published
2017-05-23
Updated
2017-05-28
libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in input-tga.c:498:55.
Max CVSS
9.8
EPSS Score
0.20%
Published
2017-05-23
Updated
2017-05-28
libautotrace.a in AutoTrace 0.31.1 has a "negative-size-param" issue in the ReadImage function in input-tga.c:528:7.
Max CVSS
9.8
EPSS Score
0.20%
Published
2017-05-23
Updated
2019-10-03
libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in the ReadImage function in input-tga.c:620:27.
Max CVSS
9.8
EPSS Score
0.20%
Published
2017-05-23
Updated
2019-10-03
libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in the ReadImage function in input-tga.c:559:29.
Max CVSS
9.8
EPSS Score
0.20%
Published
2017-05-23
Updated
2019-10-03