CVE-2017-1000381 CVSS:5.0
The c-ares function `ares_parse_naptr_reply()`, which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way. (Last Update:2017-07-17) (Publish Update:2017-07-07)
CVE-2017-1000380 CVSS:2.1
sound/core/timer.c in the Linux kernel before 4.11.5 is vulnerable to a data race in the ALSA /dev/snd/timer driver resulting in local users being able to read information belonging to other users, i.e., uninitialized memory contents may be disclosed when a read and an ioctl happen at the same time. (Last Update:2017-06-21) (Publish Update:2017-06-17)
CVE-2017-1000066 CVSS:5.0
The entry details view function in KeePass version 1.32 inadvertently decrypts certain database entries into memory, which may result in the disclosure of sensitive information. (Last Update:2017-07-20) (Publish Update:2017-07-17)
CVE-2017-1000029 CVSS:5.0
Oracle, GlassFish Server Open Source Edition 3.0.1 (build 22) is vulnerable to Local File Inclusion vulnerability, that makes it possible to include arbitrary files on the server, this vulnerability can be exploited without any prior authentication. (Last Update:2017-07-21) (Publish Update:2017-07-17)
CVE-2017-11472 CVSS:0.0
The acpi_ns_terminate() function in drivers/acpi/acpica/nsutils.c in the Linux kernel before 4.12 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table. (Last Update:2017-07-20) (Publish Update:2017-07-20)
CVE-2017-11448 CVSS:4.3
The ReadJPEGImage function in coders/jpeg.c in ImageMagick before 7.0.6-1 allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted file. (Last Update:2017-07-20) (Publish Update:2017-07-19)
CVE-2017-11165 CVSS:5.0
dataTaker DT80 dEX 1.50.012 allows remote attackers to obtain sensitive credential and configuration information via a direct request for the /services/getFile.cmd?userfile=config.xml URI. (Last Update:2017-07-17) (Publish Update:2017-07-12)
CVE-2017-11146 CVSS:5.0
In PHP through 5.6.31, 7.x through 7.0.21, and 7.1.x through 7.1.7, lack of bounds checks in the date extension's timelib_meridian parsing code could be used by attackers able to supply date strings to leak information from the interpreter, related to ext/date/lib/parse_date.c out-of-bounds reads affecting the php_parse_date function. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-11145. (Last Update:2017-07-18) (Publish Update:2017-07-10)
CVE-2017-11145 CVSS:5.0
In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, lack of a bounds check in the date extension's timelib_meridian parsing code could be used by attackers able to supply date strings to leak information from the interpreter, related to an ext/date/lib/parse_date.c out-of-bounds read affecting the php_parse_date function. (Last Update:2017-07-17) (Publish Update:2017-07-10)
CVE-2017-10928 CVSS:6.8
In ImageMagick 7.0.6-0, a heap-based buffer over-read in the GetNextToken function in token.c allows remote attackers to obtain sensitive information from process memory or possibly have unspecified other impact via a crafted SVG document that is mishandled in the GetUserSpaceCoordinateValue function in coders/svg.c. (Last Update:2017-07-12) (Publish Update:2017-07-05)
Click here for a complete list of security vulnerabilities. This vulnerability list widget is provided by www.cvedetails.com