CVE-2017-1000381 CVSS:5.0
The c-ares function `ares_parse_naptr_reply()`, which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way. (Last Update:2017-07-17) (Publish Update:2017-07-07)
CVE-2017-1000380 CVSS:2.1
sound/core/timer.c in the Linux kernel before 4.11.5 is vulnerable to a data race in the ALSA /dev/snd/timer driver resulting in local users being able to read information belonging to other users, i.e., uninitialized memory contents may be disclosed when a read and an ioctl happen at the same time. (Last Update:2017-06-21) (Publish Update:2017-06-17)
CVE-2017-1000362 CVSS:5.0
The re-key admin monitor was introduced in Jenkins 1.498 and re-encrypted all secrets in JENKINS_HOME with a new key. It also created a backup directory with all old secrets, and the key used to encrypt them. These backups were world-readable and not removed afterwards. Jenkins now deletes the backup directory, if present. Upgrading from before 1.498 will no longer create a backup directory. Administrators relying on file access permissions in their manually created backups are advised to check them for the directory $JENKINS_HOME/, and delete it if present. (Last Update:2017-07-26) (Publish Update:2017-07-17)
CVE-2017-1000250 CVSS:0.0
All versions of the SDP server in BlueZ 5.46 and earlier are vulnerable to an information disclosure vulnerability which allows remote attackers to obtain sensitive information from the bluetoothd process memory. This vulnerability lies in the processing of SDP search attribute requests. (Last Update:2017-09-15) (Publish Update:2017-09-12)
CVE-2017-1000066 CVSS:5.0
The entry details view function in KeePass version 1.32 inadvertently decrypts certain database entries into memory, which may result in the disclosure of sensitive information. (Last Update:2017-07-20) (Publish Update:2017-07-17)
CVE-2017-1000029 CVSS:5.0
Oracle, GlassFish Server Open Source Edition 3.0.1 (build 22) is vulnerable to Local File Inclusion vulnerability, that makes it possible to include arbitrary files on the server, this vulnerability can be exploited without any prior authentication. (Last Update:2017-07-21) (Publish Update:2017-07-17)
CVE-2017-1000025 CVSS:5.0
GNOME Web (Epiphany) 3.23 before 3.23.5, 3.22 before 3.22.6, 3.20 before 3.20.7, 3.18 before 3.18.11, and prior versions, is vulnerable to a password manager sweep attack resulting in the remote exfiltration of stored passwords for a selected set of websites. (Last Update:2017-08-04) (Publish Update:2017-07-17)
CVE-2017-1000024 CVSS:5.0
Shotwell version 0.24.4 or earlier and 0.25.3 or earlier is vulnerable to a information disclosure in the web publishing plugins resulting in potential password and oauth token plaintext transmission (Last Update:2017-08-04) (Publish Update:2017-07-17)
CVE-2017-14420 CVSS:0.0
The D-Link NPAPI extension, as used on D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices, does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. (Last Update:2017-09-13) (Publish Update:2017-09-13)
CVE-2017-14404 CVSS:5.0
The EyesOfNetwork web interface (aka eonweb) 5.1-0 allows local file inclusion via the tool_list parameter (aka the url_tool variable) to module/tool_all/select_tool.php, as demonstrated by a tool_list=php://filter/ substring. (Last Update:2017-09-18) (Publish Update:2017-09-12)
Click here for a complete list of security vulnerabilities. This vulnerability list widget is provided by