| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 22601 | CVE-2017-9245 | 200 | | +Info | 2017-07-18 | 2017-09-15 | 5.0 | None | Remote | Low | Not required | Partial | None | None | The Google News and Weather application before 3.3.1 for Android allows remote attackers to read OAuth tokens by sniffing the network and leveraging the lack of SSL. |
| 22602 | CVE-2017-9244 | 79 | | XSS | 2017-08-02 | 2017-08-07 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Cross-site scripting (XSS) vulnerability in the Trello app before 4.0.8 for iOS might allow remote attackers to inject arbitrary web script or HTML by uploading and attaching a crafted photo to a Card. |
| 22603 | CVE-2017-9243 | 79 | | XSS | 2017-05-28 | 2017-06-07 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Aries QWR-1104 Wireless-N Router with Firmware Version WRC.253.2.0913 has XSS on the Wireless Site Survey page, exploitable with the name of an access point. |
| 22604 | CVE-2017-9242 | 20 | | DoS | 2017-05-26 | 2018-01-04 | 4.9 | None | Local | Low | Not required | None | None | Complete | The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel through 4.11.3 is too late in checking whether an overwrite of an skb data structure may occur, which allows local users to cause a denial of service (system crash) via crafted system calls. |
| 22605 | CVE-2017-9239 | 369 | | | 2017-05-26 | 2019-01-11 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | An issue was discovered in Exiv2 0.26. When the data structure of the structure ifd is incorrect, the program assigns pValue_ to 0x0, and the value of pValue() is 0x0. TiffImageEntry::doWriteImage will use the value of pValue() to cause a segmentation fault. To exploit this vulnerability, someone must open a crafted tiff file. |
| 22606 | CVE-2017-9233 | 611 | | | 2017-07-25 | 2019-10-02 | 5.0 | None | Remote | Low | Not required | None | None | Partial | XML External Entity vulnerability in libexpat 2.2.0 and earlier (Expat XML Parser Library) allows attackers to put the parser in an infinite loop using a malformed external entity definition from an external DTD. |
| 22607 | CVE-2017-9231 | 611 | | +Info | 2017-06-16 | 2017-07-06 | 5.0 | None | Remote | Low | Not required | Partial | None | None | XML external entity (XXE) vulnerability in Citrix XenMobile Server 9.x and 10.x before 10.5 RP3 allows attackers to obtain sensitive information via unspecified vectors. |
| 22608 | CVE-2017-9230 | 338 | | | 2017-05-24 | 2018-06-13 | 5.0 | None | Remote | Low | Not required | Partial | None | None | ** DISPUTED ** The Bitcoin Proof-of-Work algorithm does not consider a certain attack methodology related to 80-byte block headers with a variety of initial 64-byte chunks followed by the same 16-byte chunk, multiple candidate root values ending with the same 4 bytes, and calculations involving sqrt numbers. This violates the security assumptions of (1) the choice of input, outside of the dedicated nonce area, fed into the Proof-of-Work function should not change its difficulty to evaluate and (2) every Proof-of-Work function execution should be independent. NOTE: a number of persons feel that this methodology is a benign mining optimization, not a vulnerability. |
| 22609 | CVE-2017-9229 | 476 | | | 2017-05-24 | 2018-05-03 | 5.0 | None | Remote | Low | Not required | None | None | Partial | An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A SIGSEGV occurs in left_adjust_char_head() during regular expression compilation. Invalid handling of reg->dmax in forward_search_range() could result in an invalid pointer dereference, normally as an immediate denial-of-service condition. |
| 22610 | CVE-2017-9223 | 125 | | DoS | 2017-06-27 | 2017-06-30 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | The mp4ff_read_stts function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted mp4 file. |
| 22611 | CVE-2017-9221 | 125 | | DoS | 2017-06-27 | 2017-06-30 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | The mp4ff_read_mdhd function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted mp4 file. |
| 22612 | CVE-2017-9220 | 119 | | DoS Overflow | 2017-06-27 | 2017-06-30 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | The mp4ff_read_stco function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (memory allocation error) via a crafted mp4 file. |
| 22613 | CVE-2017-9219 | 119 | | DoS Overflow | 2017-06-27 | 2017-06-30 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | The mp4ff_read_stsc function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (memory allocation error and application crash) via a crafted mp4 file. |
| 22614 | CVE-2017-9218 | 125 | | DoS | 2017-06-27 | 2017-06-30 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | The mp4ff_read_stsd function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted mp4 file. |
| 22615 | CVE-2017-9217 | 20 | | DoS | 2017-05-24 | 2017-06-06 | 5.0 | None | Remote | Low | Not required | None | None | Partial | systemd-resolved through 233 allows remote attackers to cause a denial of service (daemon crash) via a crafted DNS response with an empty question section. |
| 22616 | CVE-2017-9216 | 476 | | | 2017-05-24 | 2017-06-06 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | libjbig2dec.a in Artifex jbig2dec 0.13, as used in MuPDF and Ghostscript, has a NULL pointer dereference in the jbig2_huffman_get function in jbig2_huffman.c. For example, the jbig2dec utility will crash (segmentation fault) when parsing an invalid file. |
| 22617 | CVE-2017-9211 | 476 | | DoS | 2017-05-23 | 2017-06-08 | 4.9 | None | Local | Low | Not required | None | None | Complete | The crypto_skcipher_init_tfm function in crypto/skcipher.c in the Linux kernel through 4.11.2 relies on a setkey function that lacks a key-size check, which allows local users to cause a denial of service (NULL pointer dereference) via a crafted application. |
| 22618 | CVE-2017-9210 | 835 | | DoS | 2017-05-23 | 2019-10-02 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document, related to unparse functions, aka qpdf-infiniteloop3. |
| 22619 | CVE-2017-9209 | 835 | | DoS | 2017-05-23 | 2019-10-02 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document, related to QPDFObjectHandle::parseInternal, aka qpdf-infiniteloop2. |
| 22620 | CVE-2017-9208 | 835 | | DoS | 2017-05-23 | 2019-10-02 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document, related to releaseResolved functions, aka qpdf-infiniteloop1. |
| 22621 | CVE-2017-9207 | 125 | | DoS | 2017-05-23 | 2019-10-02 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | The iw_get_ui16be function in imagew-util.c:422:24 in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted image, related to imagew-jpeg.c. |
| 22622 | CVE-2017-9206 | 125 | | DoS | 2017-05-23 | 2019-10-02 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | The iw_get_ui16le function in imagew-util.c:405:23 in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted image, related to imagew-jpeg.c. |
| 22623 | CVE-2017-9205 | 125 | | DoS | 2017-05-23 | 2019-09-16 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | The iw_get_ui16be function in imagew-util.c:422:24 in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (invalid read and SEGV) via a crafted image, related to imagew-jpeg.c. |
| 22624 | CVE-2017-9204 | 125 | | DoS | 2017-05-23 | 2019-09-16 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | The iw_get_ui16le function in imagew-util.c:405:23 in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (invalid read and SEGV) via a crafted image, related to imagew-jpeg.c. |
| 22625 | CVE-2017-9203 | 787 | | DoS | 2017-05-23 | 2019-10-02 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | imagew-main.c:960:12 in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (buffer underflow) via a crafted image, related to imagew-bmp.c. |
| 22626 | CVE-2017-9202 | 369 | | DoS | 2017-05-23 | 2019-09-16 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | imagew-cmd.c:854:45 in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted image, related to imagew-api.c. |
| 22627 | CVE-2017-9201 | 369 | | DoS | 2017-05-23 | 2019-09-16 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | imagew-cmd.c:850:46 in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted image, related to imagew-api.c. |
| 22628 | CVE-2017-9190 | 416 | | DoS | 2017-05-23 | 2017-05-28 | 5.0 | None | Remote | Low | Not required | None | None | Partial | libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid free), related to the free_bitmap function in bitmap.c:24:5. |
| 22629 | CVE-2017-9189 | 125 | | DoS | 2017-05-23 | 2017-05-28 | 5.0 | None | Remote | Low | Not required | None | None | Partial | libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid read and application crash), related to the GET_COLOR function in color.c:16:11. |
| 22630 | CVE-2017-9182 | 416 | | DoS | 2017-05-23 | 2017-05-29 | 5.0 | None | Remote | Low | Not required | None | None | Partial | libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (use-after-free and invalid heap read), related to the GET_COLOR function in color.c:16:11. |
| 22631 | CVE-2017-9181 | 787 | | DoS | 2017-05-23 | 2017-05-28 | 5.0 | None | Remote | Low | Not required | None | None | Partial | libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid write and SEGV), related to the ReadImage function in input-bmp.c. |
| 22632 | CVE-2017-9180 | 125 | | DoS | 2017-05-23 | 2017-05-29 | 5.0 | None | Remote | Low | Not required | None | None | Partial | libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid read and SEGV), related to the ReadImage function in input-bmp.c:440:14. |
| 22633 | CVE-2017-9179 | 125 | | DoS | 2017-05-23 | 2017-05-28 | 5.0 | None | Remote | Low | Not required | None | None | Partial | libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid read and SEGV), related to the ReadImage function in input-bmp.c:425:14. |
| 22634 | CVE-2017-9178 | 787 | | DoS | 2017-05-23 | 2017-05-28 | 5.0 | None | Remote | Low | Not required | None | None | Partial | libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid write and SEGV), related to the ReadImage function in input-bmp.c:421:11. |
| 22635 | CVE-2017-9177 | 125 | | DoS | 2017-05-23 | 2017-05-28 | 5.0 | None | Remote | Low | Not required | None | None | Partial | libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid read and SEGV), related to the ReadImage function in input-bmp.c:390:12. |
| 22636 | CVE-2017-9176 | 787 | | DoS | 2017-05-23 | 2017-05-28 | 5.0 | None | Remote | Low | Not required | None | None | Partial | libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid write and SEGV), related to the ReadImage function in input-bmp.c:370:25. |
| 22637 | CVE-2017-9175 | 787 | | DoS | 2017-05-23 | 2017-05-28 | 5.0 | None | Remote | Low | Not required | None | None | Partial | libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid write and SEGV), related to the ReadImage function in input-bmp.c:353:25. |
| 22638 | CVE-2017-9174 | 125 | | DoS | 2017-05-23 | 2017-05-28 | 5.0 | None | Remote | Low | Not required | None | None | Partial | libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid read and SEGV), related to the GET_COLOR function in color.c:21:23. |
| 22639 | CVE-2017-9159 | 787 | | DoS | 2017-05-23 | 2017-05-28 | 5.0 | None | Remote | Low | Not required | None | None | Partial | libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid write and SEGV), related to the pnm_load_rawpbm function in input-pnm.c:391:15. |
| 22640 | CVE-2017-9158 | 787 | | DoS | 2017-05-23 | 2017-05-28 | 5.0 | None | Remote | Low | Not required | None | None | Partial | libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid write and SEGV), related to the pnm_load_raw function in input-pnm.c:336:11. |
| 22641 | CVE-2017-9157 | 787 | | DoS | 2017-05-23 | 2017-05-28 | 5.0 | None | Remote | Low | Not required | None | None | Partial | libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid write and SEGV), related to the pnm_load_ascii function in input-pnm.c:306:14. |
| 22642 | CVE-2017-9156 | 787 | | DoS | 2017-05-23 | 2017-05-28 | 5.0 | None | Remote | Low | Not required | None | None | Partial | libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid write and SEGV), related to the pnm_load_ascii function in input-pnm.c:303:12. |
| 22643 | CVE-2017-9155 | 125 | | DoS | 2017-05-23 | 2017-05-28 | 5.0 | None | Remote | Low | Not required | None | None | Partial | libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid read and SEGV), related to the input_pnm_reader function in input-pnm.c:243:3. |
| 22644 | CVE-2017-9154 | 125 | | DoS | 2017-05-23 | 2017-05-28 | 5.0 | None | Remote | Low | Not required | None | None | Partial | libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid read and SEGV), related to the GET_COLOR function in color.c:16:11. |
| 22645 | CVE-2017-9150 | 200 | | +Info | 2017-05-22 | 2017-09-08 | 2.1 | None | Local | Low | Not required | Partial | None | None | The do_check function in kernel/bpf/verifier.c in the Linux kernel before 4.11.1 does not make the allow_ptr_leaks value available for restricting the output of the print_bpf_insn function, which allows local users to obtain sensitive address information via crafted bpf system calls. |
| 22646 | CVE-2017-9149 | 200 | | +Info | 2017-05-22 | 2017-06-08 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Metadata Anonymisation Toolkit (MAT) 0.6 and 0.6.1 silently fails to perform "Clean metadata" actions upon invocation from the Nautilus contextual menu, which allows context-dependent attackers to obtain sensitive information by reading a file for which cleaning had been attempted. |
| 22647 | CVE-2017-9147 | 125 | | DoS | 2017-05-22 | 2018-03-27 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | LibTIFF 4.0.7 has an invalid read in the _TIFFVGetField function in tif_dir.c, which might allow remote attackers to cause a denial of service (crash) via a crafted TIFF file. |
| 22648 | CVE-2017-9146 | 119 | | DoS Overflow | 2017-05-22 | 2019-05-17 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | The TNEFFillMapi function in lib/ytnef.c in libytnef in ytnef through 1.9.2 does not ensure a nonzero count value before a certain memory allocation, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted tnef file. |
| 22649 | CVE-2017-9145 | 79 | | XSS | 2017-06-26 | 2017-07-05 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | TikiFilter.php in Tiki Wiki CMS Groupware 12.x through 16.x does not properly validate the imgsize or lang parameter to prevent XSS. |
| 22650 | CVE-2017-9144 | 20 | | | 2017-05-22 | 2017-11-03 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | In ImageMagick 7.0.5-5, a crafted RLE image can trigger a crash because of incorrect EOF handling in coders/rle.c. |