CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2017-9230 2017-05-24 2017-05-24
0.0
None ??? ??? ??? ??? ??? ???
The Bitcoin Proof-of-Work algorithm does not consider a certain attack methodology related to 80-byte block headers with a variety of initial 64-byte chunks followed by the same 16-byte chunk, multiple candidate root values ending with the same 4 bytes, and calculations involving sqrt numbers. This violates the security assumptions of (1) the choice of input, outside of the dedicated nonce area, fed into the Proof-of-Work function should not change its difficulty to evaluate and (2) every Proof-of-Work function execution should be independent.
2 CVE-2017-9229 2017-05-24 2017-05-24
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A SIGSEGV occurs in left_adjust_char_head() during regular expression compilation. Invalid handling of reg->dmax in forward_search_range() could result in an invalid pointer dereference, normally as an immediate denial-of-service condition.
3 CVE-2017-9228 Mem. Corr. 2017-05-24 2017-05-24
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write occurs in bitset_set_range() during regular expression compilation due to an uninitialized variable from an incorrect state transition. An incorrect state transition in parse_char_class() could create an execution path that leaves a critical local variable uninitialized until it's used as an index, resulting in an out-of-bounds write memory corruption.
4 CVE-2017-9227 2017-05-24 2017-05-24
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in mbc_enc_len() during regular expression searching. Invalid handling of reg->dmin in forward_search_range() could result in an invalid pointer dereference, as an out-of-bounds read from a stack buffer.
5 CVE-2017-9226 Mem. Corr. 2017-05-24 2017-05-24
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write or read occurs in next_state_val() during regular expression compilation. Octal numbers larger than 0xff are not handled correctly in fetch_token() and fetch_token_in_cc(). A malformed regular expression containing an octal number in the form of '\700' would produce an invalid code point value larger than 0xff in next_state_val(), resulting in an out-of-bounds write memory corruption.
6 CVE-2017-9225 Overflow 2017-05-24 2017-05-24
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds write in onigenc_unicode_get_case_fold_codes_by_str() occurs during regular expression compilation. Code point 0xFFFFFFFF is not properly handled in unicode_unfold_key(). A malformed regular expression could result in 4 bytes being written off the end of a stack buffer of expand_case_fold_string() during the call to onigenc_unicode_get_case_fold_codes_by_str(), a typical stack buffer overflow.
7 CVE-2017-9224 2017-05-24 2017-05-24
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in match_at() during regular expression searching. A logical error involving order of validation and access in match_at() could result in an out-of-bounds read from a stack buffer.
8 CVE-2017-9217 DoS 2017-05-24 2017-05-24
0.0
None ??? ??? ??? ??? ??? ???
systemd-resolved through 233 allows remote attackers to cause a denial of service (daemon crash) via a crafted DNS response with an empty question section.
9 CVE-2017-9216 2017-05-24 2017-05-24
0.0
None ??? ??? ??? ??? ??? ???
libjbig2dec.a in Artifex jbig2dec 0.13, as used in MuPDF and Ghostscript, has a NULL pointer dereference in the jbig2_huffman_get function in jbig2_huffman.c. For example, the jbig2dec utility will crash (segmentation fault) when parsing an invalid file.
10 CVE-2017-9214 2017-05-23 2017-05-23
0.0
None ??? ??? ??? ??? ??? ???
In Open vSwitch (OvS) 2.7.0, while parsing an OFPT_QUEUE_GET_CONFIG_REPLY type OFP 1.0 message, there is a buffer over-read that is caused by an unsigned integer underflow in the function `ofputil_pull_queue_get_config_reply10` in `lib/ofp-util.c`.
11 CVE-2017-9212 2017-05-23 2017-05-23
0.0
None ??? ??? ??? ??? ??? ???
The Bluetooth stack on the BMW 330i 2011 allows a remote crash of the CD/Multimedia software via %x or %c format string specifiers in a device name.
12 CVE-2017-9211 DoS 2017-05-23 2017-05-23
0.0
None ??? ??? ??? ??? ??? ???
The crypto_skcipher_init_tfm function in crypto/skcipher.c in the Linux kernel through 4.11.2 relies on a setkey function that lacks a key-size check, which allows local users to cause a denial of service (NULL pointer dereference) via a crafted application.
13 CVE-2017-9210 DoS 2017-05-23 2017-05-23
0.0
None ??? ??? ??? ??? ??? ???
libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document, related to unparse functions, aka qpdf-infiniteloop3.
14 CVE-2017-9209 DoS 2017-05-23 2017-05-23
0.0
None ??? ??? ??? ??? ??? ???
libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document, related to QPDFObjectHandle::parseInternal, aka qpdf-infiniteloop2.
15 CVE-2017-9208 DoS 2017-05-23 2017-05-23
0.0
None ??? ??? ??? ??? ??? ???
libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document, related to releaseResolved functions, aka qpdf-infiniteloop1.
16 CVE-2017-9207 DoS 2017-05-23 2017-05-23
0.0
None ??? ??? ??? ??? ??? ???
The iw_get_ui16be function in imagew-util.c:422:24 in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted image, related to imagew-jpeg.c.
17 CVE-2017-9206 DoS 2017-05-23 2017-05-23
0.0
None ??? ??? ??? ??? ??? ???
The iw_get_ui16le function in imagew-util.c:405:23 in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted image, related to imagew-jpeg.c.
18 CVE-2017-9205 DoS 2017-05-23 2017-05-23
0.0
None ??? ??? ??? ??? ??? ???
The iw_get_ui16be function in imagew-util.c:422:24 in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (invalid read and SEGV) via a crafted image, related to imagew-jpeg.c.
19 CVE-2017-9204 DoS 2017-05-23 2017-05-23
0.0
None ??? ??? ??? ??? ??? ???
The iw_get_ui16le function in imagew-util.c:405:23 in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (invalid read and SEGV) via a crafted image, related to imagew-jpeg.c.
20 CVE-2017-9203 DoS 2017-05-23 2017-05-23
0.0
None ??? ??? ??? ??? ??? ???
imagew-main.c:960:12 in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (buffer underflow) via a crafted image, related to imagew-bmp.c.
21 CVE-2017-9202 DoS 2017-05-23 2017-05-23
0.0
None ??? ??? ??? ??? ??? ???
imagew-cmd.c:854:45 in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted image, related to imagew-api.c.
22 CVE-2017-9201 DoS 2017-05-23 2017-05-23
0.0
None ??? ??? ??? ??? ??? ???
imagew-cmd.c:850:46 in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted image, related to imagew-api.c.
23 CVE-2017-9200 2017-05-23 2017-05-23
0.0
None ??? ??? ??? ??? ??? ???
libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in input-tga.c:528:63.
24 CVE-2017-9199 2017-05-23 2017-05-23
0.0
None ??? ??? ??? ??? ??? ???
libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in input-tga.c:192:19.
25 CVE-2017-9198 2017-05-23 2017-05-23
0.0
None ??? ??? ??? ??? ??? ???
libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in input-tga.c:508:18.
26 CVE-2017-9197 2017-05-23 2017-05-23
0.0
None ??? ??? ??? ??? ??? ???
libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in input-tga.c:498:55.
27 CVE-2017-9196 2017-05-23 2017-05-23
0.0
None ??? ??? ??? ??? ??? ???
libautotrace.a in AutoTrace 0.31.1 has a "negative-size-param" issue in the ReadImage function in input-tga.c:528:7.
28 CVE-2017-9195 2017-05-23 2017-05-23
0.0
None ??? ??? ??? ??? ??? ???
libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in the ReadImage function in input-tga.c:620:27.
29 CVE-2017-9194 2017-05-23 2017-05-23
0.0
None ??? ??? ??? ??? ??? ???
libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in the ReadImage function in input-tga.c:559:29.
30 CVE-2017-9193 2017-05-23 2017-05-23
0.0
None ??? ??? ??? ??? ??? ???
libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in the ReadImage function in input-tga.c:538:33.
31 CVE-2017-9192 Overflow 2017-05-23 2017-05-23
0.0
None ??? ??? ??? ??? ??? ???
libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in the ReadImage function in input-tga.c:528:7.
32 CVE-2017-9191 Overflow 2017-05-23 2017-05-23
0.0
None ??? ??? ??? ??? ??? ???
libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in the rle_fread function in input-tga.c:252:15.
33 CVE-2017-9190 DoS 2017-05-23 2017-05-23
0.0
None ??? ??? ??? ??? ??? ???
libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid free), related to the free_bitmap function in bitmap.c:24:5.
34 CVE-2017-9189 DoS 2017-05-23 2017-05-23
0.0
None ??? ??? ??? ??? ??? ???
libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid read and application crash), related to the GET_COLOR function in color.c:16:11.
35 CVE-2017-9188 2017-05-23 2017-05-23
0.0
None ??? ??? ??? ??? ??? ???
libautotrace.a in AutoTrace 0.31.1 has a "left shift ... cannot be represented in type int" issue in input-bmp.c:516:63.
36 CVE-2017-9187 2017-05-23 2017-05-23
0.0
None ??? ??? ??? ??? ??? ???
libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in input-bmp.c:486:7.
37 CVE-2017-9186 2017-05-23 2017-05-23
0.0
None ??? ??? ??? ??? ??? ???
libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in input-bmp.c:326:17.
38 CVE-2017-9185 2017-05-23 2017-05-23
0.0
None ??? ??? ??? ??? ??? ???
libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in input-bmp.c:319:7.
39 CVE-2017-9184 2017-05-23 2017-05-23
0.0
None ??? ??? ??? ??? ??? ???
libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in input-bmp.c:314:7.
40 CVE-2017-9183 2017-05-23 2017-05-23
0.0
None ??? ??? ??? ??? ??? ???
libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in input-bmp.c:309:7.
41 CVE-2017-9182 DoS 2017-05-23 2017-05-23
0.0
None ??? ??? ??? ??? ??? ???
libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (use-after-free and invalid heap read), related to the GET_COLOR function in color.c:16:11.
42 CVE-2017-9181 DoS 2017-05-23 2017-05-23
0.0
None ??? ??? ??? ??? ??? ???
libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid write and SEGV), related to the ReadImage function in input-bmp.c.
43 CVE-2017-9180 DoS 2017-05-23 2017-05-23
0.0
None ??? ??? ??? ??? ??? ???
libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid read and SEGV), related to the ReadImage function in input-bmp.c:440:14.
44 CVE-2017-9179 DoS 2017-05-23 2017-05-23
0.0
None ??? ??? ??? ??? ??? ???
libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid read and SEGV), related to the ReadImage function in input-bmp.c:425:14.
45 CVE-2017-9178 DoS 2017-05-23 2017-05-23
0.0
None ??? ??? ??? ??? ??? ???
libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid write and SEGV), related to the ReadImage function in input-bmp.c:421:11.
46 CVE-2017-9177 DoS 2017-05-23 2017-05-23
0.0
None ??? ??? ??? ??? ??? ???
libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid read and SEGV), related to the ReadImage function in input-bmp.c:390:12.
47 CVE-2017-9176 DoS 2017-05-23 2017-05-23
0.0
None ??? ??? ??? ??? ??? ???
libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid write and SEGV), related to the ReadImage function in input-bmp.c:370:25.
48 CVE-2017-9175 DoS 2017-05-23 2017-05-23
0.0
None ??? ??? ??? ??? ??? ???
libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid write and SEGV), related to the ReadImage function in input-bmp.c:353:25.
49 CVE-2017-9174 DoS 2017-05-23 2017-05-23
0.0
None ??? ??? ??? ??? ??? ???
libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid read and SEGV), related to the GET_COLOR function in color.c:21:23.
50 CVE-2017-9173 Overflow 2017-05-23 2017-05-23
0.0
None ??? ??? ??? ??? ??? ???
libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in the ReadImage function in input-bmp.c:497:29.
Total number of vulnerabilities : 424   Page : 1 (This Page)2 3 4 5 6 7 8 9
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.