10 matches found
UBUNTU-CVE-2017-15407
Out-of-bounds Write in the QUIC networking stack in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to gain code execution via a malicious server...
UBUNTU-CVE-2017-13099
wolfSSL prior to version 3.12.2 provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated. An attacker can recover the private key from a vulnerable wolfSSL application. This vulnerability is referred to as "ROBOT."...
UBUNTU-CVE-2017-1000190
SimpleXML latest version 2.7.1 is vulnerable to an XXE vulnerability resulting SSRF, information disclosure, DoS and so on...
UBUNTU-CVE-2017-7805
During TLS 1.2 exchanges, handshake hashes are generated which point to a message buffer. This saved data is used for later messages but in some cases, the handshake transcript can exceed the space available in the current buffer, causing the allocation of a new buffer. This leaves a pointer...
UBUNTU-CVE-2017-7557
dnsdist version 1.1.0 is vulnerable to a flaw in authentication mechanism for REST API potentially allowing CSRF attack...
UBUNTU-CVE-2017-12934
ext/standard/varunserializer.re in PHP 7.0.x before 7.0.21 and 7.1.x before 7.1.7 is prone to a heap use after free while unserializing untrusted data, related to the zvalgettype function in Zend/zendtypes.h. Exploitation of this issue can have an unspecified impact on the integrity of PHP...
UBUNTU-CVE-2017-12600
OpenCV Open Source Computer Vision Library through 3.3 has a denial of service CPU consumption issue, as demonstrated by the 11-opencv-dos-cpu-exhaust test case...
UBUNTU-CVE-2017-9989
util/outputtxt.c in libming 0.4.8 mishandles memory allocation. A crafted input will lead to a remote denial of service NULL pointer dereference attack...
UBUNTU-CVE-2017-7524
tpm2-tools versions before 1.1.1 are vulnerable to a password leak due to transmitting password in plaintext from client to server when generating HMAC...
UBUNTU-CVE-2017-7586
In libsndfile before 1.0.28, an error in the "headerread" function common.c when handling ID3 tags can be exploited to cause a stack-based buffer overflow via a specially crafted FLAC file...