CVE-2017-11060

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a buffer overread is observed during processing of ACANL80211VENDORSUBCMDEXTSCANPNOSETPASSPOINTLIST and QCANL80211VENDORSUBCMDEXTSCANPNOSETLIST cfg80211 vendor commands in...

Google Android Qualcomm WLAN Component Information Disclosure Vulnerability (CNVD-2017-31250)

Android is a free and open source Linux-based operating system led and developed by Google Inc. and the Open Handset Alliance. An information disclosure vulnerability exists in the Google Android Qualcomm WLAN component, which can be exploited by an attacker to obtain sensitive information buffer...

Google Android Qualcomm WLAN component information disclosure vulnerability (CNVD-2017-31247)

Android is a free and open source Linux-based operating system led and developed by Google Inc. and the Open Handset Alliance. An information disclosure vulnerability exists in the Google Android Qualcomm WLAN component, which can be exploited by an attacker to obtain sensitive information buffer...

Google Android Qualcomm WLAN Component Information Disclosure Vulnerability (CNVD-2017-31249)

Android is a free and open source Linux-based operating system led and developed by Google Inc. and the Open Handset Alliance. An information disclosure vulnerability exists in the Google Android Qualcomm WLAN component, which can be exploited by an attacker to obtain sensitive information buffer...

GNU Binutils libbfd opncls.c bfd_get_debug_link_info_1 Denial of Service Vulnerability

GNU Binutils a.k.a. GNU Binary Utilities or binutils is a set of programming language utilities developed by the GNU Project to work with object files in a variety of formats, with connectors, assemblers, and other tools for object files and archives.The Binary File Descriptor BFD library a.k.a...

PT-2017-3919

Name of the Vulnerable Software and Affected Versions tcpdump versions prior to 4.9.3 Description The issue is related to a buffer over-read in the FRF.16 parser, specifically in the mfr print function within print-fr.c. This can allow a remote attacker to gain unauthorized access to information...

PT-2017-3911

Name of the Vulnerable Software and Affected Versions tcpdump versions prior to 4.9.3 Description The issue is related to a buffer over-read in the LDP parser of the tcpdump utility, specifically in the ldp tlv print function located in print-ldp.c. This can be exploited by a remote attacker to...

PT-2017-3915

Name of the Vulnerable Software and Affected Versions tcpdump versions prior to 4.9.3 Description The issue is related to a buffer over-read in the rsvp obj print function in print-rsvp.c of the tcpdump utility. This can allow a remote attacker to cause a denial of service or potentially gain...

PT-2017-3910

Name of the Vulnerable Software and Affected Versions tcpdump versions prior to 4.9.3 Description The issue is related to a buffer over-read in the ICMP parser, specifically in the icmp print function in print-icmp.c. This can be exploited by a remote attacker to cause a denial of service or...

ALPINE-CVE-2017-1000254

libcurl may read outside of a heap allocated buffer when doing FTP. When libcurl connects to an FTP server and successfully logs in anonymous or not, it asks the server for the current directory with the PWD command. The server then responds with a 257 response containing the path, inside double...

DEBIAN-CVE-2017-1000254

libcurl may read outside of a heap allocated buffer when doing FTP. When libcurl connects to an FTP server and successfully logs in anonymous or not, it asks the server for the current directory with the PWD command. The server then responds with a 257 response containing the path, inside double...

UBUNTU-CVE-2017-13722

In the pcfGetProperties function in bitmap/pcfread.c in libXfont through 1.5.2 and 2.x before 2.0.2, a missing boundary check for PCF files could be used by local attackers authenticated to an Xserver for a buffer over-read, for information disclosure or a crash of the X server...

UBUNTU-CVE-2017-13720

In the PatternMatch function in fontfile/fontdir.c in libXfont through 1.5.2 and 2.x before 2.0.2, an attacker with access to an X connection can cause a buffer over-read during pattern matching of fonts, leading to information disclosure or a crash denial of service. This occurs because '\0'...

FTP PWD response parser out of bounds read

libcurl may read outside of a heap allocated buffer when doing FTP. When libcurl connects to an FTP server and successfully logs in anonymous or not, it asks the server for the current directory with the PWD command. The server then responds with a 257 response containing the path, inside double...

PT-2017-13820 · Lame +2 · Lame +2

Name of the Vulnerable Software and Affected Versions: LAME versions 3.98 through 3.99.5 Description: The issue is a heap-based buffer over-read that occurs when handling a malformed file in the k 34 4 function within the vbrquantize.c file. Recommendations: For LAME versions 3.98 through 3.99.5,...

UBUNTU-CVE-2017-1000254

libcurl may read outside of a heap allocated buffer when doing FTP. When libcurl connects to an FTP server and successfully logs in anonymous or not, it asks the server for the current directory with the PWD command. The server then responds with a 257 response containing the path, inside double...

dnsmasq: integer underflow leading to buffer over-read in the EDNS0 code

An integer underflow flaw leading to a buffer over-read was found in dnsmasq in the EDNS0 code. An attacker could send crafted DNS packets to dnsmasq which would cause it to crash. This issue only affected configurations using one of the options: add-mac, add-cpe-id, or add-subnet...

PYSEC-2017-133

There is a heap-based buffer over-read in the Exiv2::Jp2Image::readMetadata function of jp2image.cpp in Exiv2 0.26. A Crafted input will lead to a denial of service attack...

CVE-2017-11002

In all Qualcomm products with Android releases from CAF using the Linux kernel, while processing a vendor sub-command, a buffer over-read can occur...

USN-3424-1: libxml2 vulnerabilities

It was discovered that a type confusion error existed in libxml2. An attacker could use this to specially construct XML data that could cause a denial of service or possibly execute arbitrary code. CVE-2017-0663 It was discovered that libxml2 did not properly validate parsed entity references. An...