Total
3259 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-5428 | 2 Mozilla, Redhat | 8 Firefox, Firefox Esr, Enterprise Linux and 5 more | 2024-11-21 | N/A |
| An integer overflow in "createImageBitmap()" was reported through the Pwn2Own contest. The fix for this vulnerability disables the experimental extensions to the "createImageBitmap" API. This function runs in the content sandbox, requiring a second vulnerability to compromise a user's computer. This vulnerability affects Firefox ESR < 52.0.1 and Firefox < 52.0.1. | ||||
| CVE-2017-5333 | 5 Canonical, Debian, Icoutils Project and 2 more | 11 Ubuntu Linux, Debian Linux, Icoutils and 8 more | 2024-11-21 | 7.8 High |
| Integer overflow in the extract_group_icon_cursor_resource function in b/wrestool/extract.c in icoutils before 0.31.1 allows local users to cause a denial of service (process crash) or execute arbitrary code via a crafted executable file. | ||||
| CVE-2017-5332 | 5 Canonical, Debian, Icoutils Project and 2 more | 11 Ubuntu Linux, Debian Linux, Icoutils and 8 more | 2024-11-21 | 7.8 High |
| The extract_group_icon_cursor_resource in wrestool/extract.c in icoutils before 0.31.1 can access unallocated memory, which allows local users to cause a denial of service (process crash) and execute arbitrary code via a crafted executable. | ||||
| CVE-2017-5331 | 4 Canonical, Debian, Icoutils Project and 1 more | 5 Ubuntu Linux, Debian Linux, Icoutils and 2 more | 2024-11-21 | 7.8 High |
| Integer overflow in the check_offset function in b/wrestool/fileread.c in icoutils before 0.31.1 allows local users to cause a denial of service (process crash) and execute arbitrary code via a crafted executable. | ||||
| CVE-2017-5131 | 3 Debian, Google, Redhat | 3 Debian Linux, Chrome, Rhel Extras | 2024-11-21 | N/A |
| An integer overflow in Skia in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, aka an out-of-bounds write. | ||||
| CVE-2017-4950 | 2 Apple, Vmware | 3 Mac Os X, Fusion, Workstation | 2024-11-21 | N/A |
| VMware Workstation and Fusion contain an integer overflow vulnerability in VMware NAT service when IPv6 mode is enabled. This issue may lead to an out-of-bound read which can then be used to execute code on the host in conjunction with other issues. Note: IPv6 mode for VMNAT is not enabled by default. | ||||
| CVE-2017-2918 | 2 Blender, Debian | 2 Blender, Debian Linux | 2024-11-21 | 7.8 High |
| An exploitable integer overflow exists in the Image loading functionality of the Blender open-source 3d creation suite v2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open the file or use it as a library in order to trigger this vulnerability. | ||||
| CVE-2017-2908 | 2 Blender, Debian | 2 Blender, Debian Linux | 2024-11-21 | 7.8 High |
| An exploitable integer overflow exists in the thumbnail functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to render the thumbnail for the file while in the File->Open dialog. | ||||
| CVE-2017-2907 | 2 Blender, Debian | 2 Blender, Debian Linux | 2024-11-21 | 7.8 High |
| An exploitable integer overflow exists in the animation playing functionality of the Blender open-source 3d creation suite version 2.78c. A specially created '.avi' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset in order to trigger this vulnerability. | ||||
| CVE-2017-2906 | 2 Blender, Debian | 2 Blender, Debian Linux | 2024-11-21 | 7.8 High |
| An exploitable integer overflow exists in the animation playing functionality of the Blender open-source 3d creation suite version 2.78c. A specially created '.avi' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset in order to trigger this vulnerability. | ||||
| CVE-2017-2905 | 2 Blender, Debian | 2 Blender, Debian Linux | 2024-11-21 | 7.8 High |
| An exploitable integer overflow exists in the bmp loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.bmp' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset via the sequencer in order to trigger this vulnerability. | ||||
| CVE-2017-2904 | 2 Blender, Debian | 2 Blender, Debian Linux | 2024-11-21 | 7.8 High |
| An exploitable integer overflow exists in the RADIANCE loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.hdr' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset via the sequencer in order to trigger this vulnerability. | ||||
| CVE-2017-2903 | 2 Blender, Debian | 2 Blender, Debian Linux | 2024-11-21 | 7.8 High |
| An exploitable integer overflow exists in the DPX loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.cin' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset via the sequencer in order to trigger this vulnerability. | ||||
| CVE-2017-2902 | 2 Blender, Debian | 2 Blender, Debian Linux | 2024-11-21 | 7.8 High |
| An exploitable integer overflow exists in the DPX loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.cin' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset via the sequencer in order to trigger this vulnerability. | ||||
| CVE-2017-2901 | 2 Blender, Debian | 2 Blender, Debian Linux | 2024-11-21 | 7.8 High |
| An exploitable integer overflow exists in the IRIS loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.iris' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset via the sequencer in order to trigger this vulnerability. | ||||
| CVE-2017-2900 | 2 Blender, Debian | 2 Blender, Debian Linux | 2024-11-21 | 7.8 High |
| An exploitable integer overflow exists in the PNG loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.png' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset via the sequencer in order to trigger this vulnerability. | ||||
| CVE-2017-2899 | 2 Blender, Debian | 2 Blender, Debian Linux | 2024-11-21 | 7.8 High |
| An exploitable integer overflow exists in the TIFF loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.tif' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset via the sequencer in order to trigger this vulnerability. | ||||
| CVE-2017-2838 | 2 Debian, Freerdp | 2 Debian Linux, Freerdp | 2024-11-21 | 5.9 Medium |
| An exploitable denial of service vulnerability exists within the handling of challenge packets in FreeRDP 2.0.0-beta1+android11. A specially crafted challenge packet can cause the program termination leading to a denial of service condition. An attacker can compromise the server or use man in the middle to trigger this vulnerability. | ||||
| CVE-2017-2837 | 2 Debian, Freerdp | 2 Debian Linux, Freerdp | 2024-11-21 | 5.9 Medium |
| An exploitable denial of service vulnerability exists within the handling of security data in FreeRDP 2.0.0-beta1+android11. A specially crafted challenge packet can cause the program termination leading to a denial of service condition. An attacker can compromise the server or use man in the middle to trigger this vulnerability. | ||||
| CVE-2017-2836 | 2 Debian, Freerdp | 2 Debian Linux, Freerdp | 2024-11-21 | 5.9 Medium |
| An exploitable denial of service vulnerability exists within the reading of proprietary server certificates in FreeRDP 2.0.0-beta1+android11. A specially crafted challenge packet can cause the program termination leading to a denial of service condition. An attacker can compromise the server or use man in the middle to trigger this vulnerability. | ||||