# |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
24351 |
CVE-2017-6311 |
476 |
|
DoS |
2017-03-09 |
2017-09-18 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
gdk-pixbuf-thumbnailer.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors related to printing an error message. |
24352 |
CVE-2017-6310 |
125 |
|
|
2017-02-23 |
2017-11-03 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
An issue was discovered in tnef before 1.4.13. Four type confusions have been identified in the file_add_mapi_attrs() function. These might lead to invalid read and write operations, controlled by an attacker. |
24353 |
CVE-2017-6309 |
125 |
|
|
2017-02-23 |
2017-11-03 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
An issue was discovered in tnef before 1.4.13. Two type confusions have been identified in the parse_file() function. These might lead to invalid read and write operations, controlled by an attacker. |
24354 |
CVE-2017-6308 |
190 |
|
Overflow |
2017-02-23 |
2017-11-03 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
An issue was discovered in tnef before 1.4.13. Several Integer Overflows, which can lead to Heap Overflows, have been identified in the functions that wrap memory allocation. |
24355 |
CVE-2017-6307 |
125 |
|
|
2017-02-23 |
2017-11-03 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
An issue was discovered in tnef before 1.4.13. Two OOB Writes have been identified in src/mapi_attr.c:mapi_attr_read(). These might lead to invalid read and write operations, controlled by an attacker. |
24356 |
CVE-2017-6306 |
22 |
|
Dir. Trav. |
2017-02-23 |
2019-05-17 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "9 of 9. Directory Traversal using the filename; SanitizeFilename function in settings.c." |
24357 |
CVE-2017-6305 |
125 |
|
|
2017-02-23 |
2019-05-17 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "8 of 9. Out of Bounds read and write." |
24358 |
CVE-2017-6304 |
125 |
|
|
2017-02-23 |
2019-05-17 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "7 of 9. Out of Bounds read." |
24359 |
CVE-2017-6303 |
190 |
|
Overflow |
2017-02-23 |
2019-05-17 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "6 of 9. Invalid Write and Integer Overflow." |
24360 |
CVE-2017-6302 |
190 |
|
Overflow |
2017-02-23 |
2019-05-17 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "5 of 9. Integer Overflow." |
24361 |
CVE-2017-6301 |
125 |
|
|
2017-02-23 |
2019-05-17 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "4 of 9. Out of Bounds Reads." |
24362 |
CVE-2017-6300 |
119 |
|
Overflow |
2017-02-23 |
2019-05-17 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "3 of 9. Buffer Overflow in version field in lib/tnef-types.h." |
24363 |
CVE-2017-6299 |
835 |
|
|
2017-02-23 |
2019-10-02 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "2 of 9. Infinite Loop / DoS in the TNEFFillMapi function in lib/ytnef.c." |
24364 |
CVE-2017-6298 |
476 |
|
|
2017-02-23 |
2019-05-17 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "1 of 9. Null Pointer Deref / calloc return value not checked." |
24365 |
CVE-2017-6297 |
311 |
|
|
2017-02-27 |
2019-10-02 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
The L2TP Client in MikroTik RouterOS versions 6.83.3 and 6.37.4 does not enable IPsec encryption after a reboot, which allows man-in-the-middle attackers to view transmitted data unencrypted and gain access to networks on the L2TP server by monitoring the packets for the transmitted data and obtaining the L2TP secret. |
24366 |
CVE-2017-6296 |
362 |
|
DoS |
2018-03-06 |
2018-03-27 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
NVIDIA TrustZone Software contains a TOCTOU issue in the DRM application which may lead to the denial of service or possible escalation of privileges. This issue is rated as moderate. |
24367 |
CVE-2017-6295 |
125 |
|
DoS |
2018-03-06 |
2018-03-27 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
None |
Partial |
NVIDIA TrustZone Software contains a vulnerability in the Keymaster implementation where the software reads data past the end, or before the beginning, of the intended buffer; and may lead to denial of service or information disclosure. This issue is rated as high. |
24368 |
CVE-2017-6288 |
125 |
|
|
2018-03-12 |
2018-04-04 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
NVIDIA libnvrm contains a possible out of bounds read due to a missing bounds check which could lead to local information disclosure. This issue is rated as moderate. Product: Android. Version: N/A. Android: A-65482562. Reference: N-CVE-2017-6288. |
24369 |
CVE-2017-6287 |
125 |
|
|
2018-03-12 |
2018-04-04 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
NVIDIA libnvrm contains a possible out of bounds read due to a missing bounds check which could lead to local information disclosure. This issue is rated as moderate.Product: Android. Version: N/A. Android: A-64893264. Reference: N-CVE-2017-6287. |
24370 |
CVE-2017-6285 |
125 |
|
|
2018-03-12 |
2018-04-04 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
NVIDIA libnvrm contains a possible out of bounds read due to a missing bounds check which could lead to local information disclosure. This issue is rated as moderate. Product: Android. Version: N/A. Android: A-64893156. Reference: N-CVE-2017-6285. |
24371 |
CVE-2017-6284 |
326 |
|
|
2018-03-06 |
2019-04-02 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
NVIDIA Security Engine contains a vulnerability in the Deterministic Random Bit Generator (DRBG) where the DRBG does not properly initialize and store or transmits sensitive data using a weakened encryption scheme that is unable to protect sensitive data which may lead to information disclosure.This issue is rated as moderate. |
24372 |
CVE-2017-6283 |
200 |
|
+Info |
2018-03-06 |
2018-03-27 |
4.9 |
None |
Local |
Low |
Not required |
Complete |
None |
None |
NVIDIA Security Engine contains a vulnerability in the RSA function where the keyslot read/write lock permissions are cleared on a chip reset which may lead to information disclosure. This issue is rated as high. |
24373 |
CVE-2017-6280 |
125 |
|
+Info |
2018-03-06 |
2018-03-27 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
NVIDIA driver contains a possible out-of-bounds read vulnerability due to a leak which may lead to information disclosure. This issue is rated as moderate. Android: A-63851980. |
24374 |
CVE-2017-6278 |
119 |
|
DoS Overflow |
2018-03-26 |
2019-10-02 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
NVIDIA Tegra kernel contains a vulnerability in the CORE DVFS Thermal driver where there is the potential to read or write a buffer using an index or pointer that references a memory location after the end of the buffer, which may lead to a denial of service or possible escalation of privileges. |
24375 |
CVE-2017-6275 |
200 |
|
+Info |
2017-11-14 |
2019-08-02 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
An information disclosure vulnerability exists in the Thermal Driver, where a missing bounds checking in the thermal driver could allow a read from an arbitrary kernel address. This issue is rated as moderate. Product: Pixel. Versions: N/A. Android ID: A-34702397. References: N-CVE-2017-6275. |
24376 |
CVE-2017-6273 |
119 |
|
DoS Overflow |
2017-10-17 |
2017-11-08 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
NVIDIA ADSP Firmware contains a vulnerability in the ADSP Loader component where there is the potential to write to a memory location that is outside the intended boundary of the buffer, which may lead to denial of service or possible escalation of privileges. |
24377 |
CVE-2017-6271 |
369 |
|
DoS |
2017-09-22 |
2017-09-28 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer handler for DxgkDdiCreateAllocation where untrusted user input is used as a divisor without validation while processing block linear information which may lead to a potential divide by zero and denial of service. |
24378 |
CVE-2017-6270 |
369 |
|
DoS |
2017-09-22 |
2017-09-28 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer handler for DxgkDdiCreateAllocation where untrusted user input is used as a divisor without validation during a calculation which may lead to a potential divide by zero and denial of service. |
24379 |
CVE-2017-6267 |
665 |
|
DoS |
2017-09-22 |
2019-10-02 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer handler where an incorrect initialization of internal objects can cause an infinite loop which may lead to a denial of service. |
24380 |
CVE-2017-6266 |
284 |
|
DoS |
2017-09-22 |
2017-09-28 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer handler where improper access controls could allow unprivileged users to cause a denial of service. |
24381 |
CVE-2017-6262 |
416 |
|
Exec Code |
2017-12-06 |
2017-12-21 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
NVIDIA driver contains a vulnerability where it is possible a use after free malfunction can occur due to a race condition which could enable unauthorized code execution and possibly lead to elevation of privileges. This issue is rated as high. Product: Android. Version: N/A. Android ID: A-38045794. References: N-CVE-2017-6262. |
24382 |
CVE-2017-6261 |
20 |
|
DoS |
2019-06-05 |
2019-06-07 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
NVIDIA Vibrante Linux version 1.1, 2.0, and 2.2 contains a vulnerability in the user space driver in which protection mechanisms are insufficient, may lead to denial of service or information disclosure. |
24383 |
CVE-2017-6260 |
119 |
|
DoS Overflow |
2017-07-28 |
2017-08-08 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer helper function where an incorrect calculation of string length may lead to denial of service. |
24384 |
CVE-2017-6256 |
20 |
|
DoS |
2017-07-28 |
2019-10-02 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a value passed from a user to the driver is not correctly validated and used as the index to an array which may lead to denial of service or potential escalation of privileges. |
24385 |
CVE-2017-6250 |
|
|
Exec Code |
2017-04-28 |
2019-10-02 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
NVIDIA GeForce Experience contains a vulnerability in NVIDIA Web Helper.exe, where untrusted script execution may lead to violation of application execution policy and local code execution. |
24386 |
CVE-2017-6227 |
|
|
DoS |
2018-02-08 |
2019-10-02 |
6.1 |
None |
Local Network |
Low |
Not required |
None |
None |
Complete |
A vulnerability in the IPv6 stack on Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) versions before 7.4.2b, 8.1.2 and 8.2.0 could allow an attacker to cause a denial of service (CPU consumption and device hang) condition by sending crafted Router Advertisement (RA) messages to a targeted system. |
24387 |
CVE-2017-6225 |
79 |
|
Exec Code XSS |
2018-02-08 |
2018-05-22 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Cross-site scripting (XSS) vulnerability in the web-based management interface of Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) versions before 7.4.2b, 8.1.2 and 8.2.0 could allow remote attackers to execute arbitrary code or access sensitive browser-based information. |
24388 |
CVE-2017-6217 |
79 |
|
Exec Code XSS |
2019-07-10 |
2019-07-11 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
paypal/adaptivepayments-sdk-php v3.9.2 is vulnerable to a reflected XSS in the SetPaymentOptions.php resulting code execution |
24389 |
CVE-2017-6216 |
79 |
|
Exec Code XSS |
2019-07-03 |
2019-07-05 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
novaksolutions/infusionsoft-php-sdk v2016-10-31 is vulnerable to a reflected XSS in the leadscoring.php resulting code execution |
24390 |
CVE-2017-6215 |
79 |
|
Exec Code XSS |
2018-08-02 |
2018-09-27 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
paypal/permissions-sdk-php is vulnerable to reflected XSS in the samples/GetAccessToken.php verification_code parameter, resulting in code execution. |
24391 |
CVE-2017-6214 |
835 |
|
DoS |
2017-02-23 |
2019-10-02 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
The tcp_splice_read function in net/ipv4/tcp.c in the Linux kernel before 4.9.11 allows remote attackers to cause a denial of service (infinite loop and soft lockup) via vectors involving a TCP packet with the URG flag. |
24392 |
CVE-2017-6213 |
79 |
|
Exec Code XSS |
2018-08-02 |
2018-09-27 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
paypal/invoice-sdk-php is vulnerable to reflected XSS in samples/permissions.php via the permToken parameter, resulting in code execution. |
24393 |
CVE-2017-6210 |
476 |
|
DoS |
2017-03-15 |
2017-07-10 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
The vrend_decode_reset function in vrend_decode.c in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (NULL pointer dereference and QEMU process crash) by destroying context 0 (zero). |
24394 |
CVE-2017-6209 |
119 |
|
DoS Overflow |
2017-03-15 |
2017-07-10 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
Stack-based buffer overflow in the parse_identifier function in tgsi_text.c in the TGSI auxiliary module in the Gallium driver in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (out-of-bounds array access and QEMU process crash) via vectors related to parsing properties. |
24395 |
CVE-2017-6206 |
200 |
|
+Info |
2017-02-23 |
2017-08-15 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
D-Link DGS-1510-28XMP, DGS-1510-28X, DGS-1510-52X, DGS-1510-52, DGS-1510-28P, DGS-1510-28, and DGS-1510-20 Websmart devices with firmware before 1.31.B003 allow attackers to conduct Unauthenticated Information Disclosure attacks via unspecified vectors. |
24396 |
CVE-2017-6201 |
918 |
|
Bypass |
2018-02-06 |
2018-03-13 |
5.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
None |
A Server Side Request Forgery vulnerability exists in the install app process in Sandstorm before build 0.203. A remote attacker may exploit this issue by providing a URL. It could bypass access control such as firewalls that prevent the attackers from accessing the URLs directly. |
24397 |
CVE-2017-6200 |
200 |
|
+Info |
2018-02-06 |
2018-03-13 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
Sandstorm before build 0.203 allows remote attackers to read any specified file under /etc or /run via the sandbox backup function. The root cause is that the findFilesToZip function doesn't filter Line Feed (\n) characters in a directory name. |
24398 |
CVE-2017-6198 |
400 |
|
DoS |
2018-02-06 |
2018-03-13 |
6.8 |
None |
Remote |
Low |
Single system |
None |
None |
Complete |
The Supervisor in Sandstorm doesn't set and enforce the resource limits of a process. This allows remote attackers to cause a denial of service by launching a fork bomb in the sandbox, or by using a large amount of disk space. |
24399 |
CVE-2017-6197 |
476 |
|
DoS |
2017-02-23 |
2017-03-01 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
The r_read_* functions in libr/include/r_endian.h in radare2 1.2.1 allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted binary file, as demonstrated by the r_read_le32 function. |
24400 |
CVE-2017-6196 |
416 |
|
DoS |
2017-02-23 |
2017-08-21 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Multiple use-after-free vulnerabilities in the gx_image_enum_begin function in base/gxipixel.c in Ghostscript before ecceafe3abba2714ef9b432035fe0739d9b1a283 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PostScript document. |