Search Results (2259 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2015-5219 10 Canonical, Debian, Fedoraproject and 7 more 21 Ubuntu Linux, Debian Linux, Fedora and 18 more 2025-04-20 7.5 High
The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which allows remote attackers to cause a denial of service (infinite loop) via a crafted NTP packet.
CVE-2017-16995 3 Canonical, Debian, Linux 3 Ubuntu Linux, Debian Linux, Linux Kernel 2025-04-20 7.8 High
The check_alu_op function in kernel/bpf/verifier.c in the Linux kernel through 4.4 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging incorrect sign extension.
CVE-2017-17862 2 Debian, Linux 2 Debian Linux, Linux Kernel 2025-04-20 N/A
kernel/bpf/verifier.c in the Linux kernel through 4.14.8 ignores unreachable code, even though it would still be processed by JIT compilers. This behavior, also considered an improper branch-pruning logic issue, could possibly be used by local users for denial of service.
CVE-2017-13078 7 Canonical, Debian, Freebsd and 4 more 13 Ubuntu Linux, Debian Linux, Freebsd and 10 more 2025-04-20 N/A
Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the four-way handshake, allowing an attacker within radio range to replay frames from access points to clients.
CVE-2017-11176 3 Debian, Linux, Redhat 6 Debian Linux, Linux Kernel, Enterprise Linux and 3 more 2025-04-20 7.8 High
The mq_notify function in the Linux kernel through 4.11.9 does not set the sock pointer to NULL upon entry into the retry logic. During a user-space close of a Netlink socket, it allows attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact.
CVE-2017-5120 6 Apple, Debian, Google and 3 more 10 Macos, Debian Linux, Android and 7 more 2025-04-20 6.5 Medium
Inappropriate use of www mismatch redirects in browser navigation in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, allowed a remote attacker to potentially downgrade HTTPS requests to HTTP via a crafted HTML page. In other words, Chrome could transmit cleartext even though the user had entered an https URL, because of a misdesigned workaround for cases where the domain name in a URL almost matches the domain name in an X.509 server certificate (but differs in the initial "www." substring).
CVE-2017-5121 6 Apple, Debian, Google and 3 more 9 Macos, Debian Linux, Chrome and 6 more 2025-04-20 8.8 High
Inappropriate use of JIT optimisation in V8 in Google Chrome prior to 61.0.3163.100 for Linux, Windows, and Mac allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page, related to the escape analysis phase.
CVE-2017-16939 3 Debian, Linux, Redhat 6 Debian Linux, Linux Kernel, Enterprise Linux and 3 more 2025-04-20 7.8 High
The XFRM dump policy implementation in net/xfrm/xfrm_user.c in the Linux kernel before 4.13.11 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted SO_RCVBUF setsockopt system call in conjunction with XFRM_MSG_GETPOLICY Netlink messages.
CVE-2015-7977 9 Canonical, Debian, Fedoraproject and 6 more 13 Ubuntu Linux, Debian Linux, Fedora and 10 more 2025-04-20 5.9 Medium
ntpd in NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (NULL pointer dereference) via a ntpdc reslist command.
CVE-2017-5118 6 Apple, Debian, Google and 3 more 10 Macos, Debian Linux, Android and 7 more 2025-04-20 4.3 Medium
Blink in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, failed to correctly propagate CSP restrictions to javascript scheme pages, which allowed a remote attacker to bypass content security policy via a crafted HTML page.
CVE-2017-5117 5 Debian, Google, Linux and 2 more 5 Debian Linux, Chrome, Linux Kernel and 2 more 2025-04-20 N/A
Use of an uninitialized value in Skia in Google Chrome prior to 61.0.3163.79 for Linux and Windows allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
CVE-2017-5114 6 Apple, Debian, Google and 3 more 10 Macos, Debian Linux, Android and 7 more 2025-04-20 8.8 High
Inappropriate use of partition alloc in PDFium in Google Chrome prior to 61.0.3163.79 for Linux, Windows, and Mac, and 61.0.3163.81 for Android, allowed a remote attacker to potentially exploit memory corruption via a crafted PDF file.
CVE-2017-5113 6 Apple, Debian, Google and 3 more 10 Macos, Debian Linux, Android and 7 more 2025-04-20 8.8 High
Math overflow in Skia in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2017-5111 6 Apple, Debian, Google and 3 more 9 Macos, Debian Linux, Chrome and 6 more 2025-04-20 8.8 High
A use after free in PDFium in Google Chrome prior to 61.0.3163.79 for Linux, Windows, and Mac allowed a remote attacker to potentially exploit memory corruption via a crafted PDF file.
CVE-2017-5110 6 Apple, Debian, Google and 3 more 10 Macos, Debian Linux, Android and 7 more 2025-04-20 6.5 Medium
Inappropriate implementation of the web payments API on blob: and data: schemes in Web Payments in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to spoof the contents of the Omnibox via a crafted HTML page.
CVE-2017-5106 6 Apple, Debian, Google and 3 more 10 Macos, Debian Linux, Android and 7 more 2025-04-20 6.5 Medium
Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name.
CVE-2017-17863 2 Debian, Linux 2 Debian Linux, Linux Kernel 2025-04-20 N/A
kernel/bpf/verifier.c in the Linux kernel 4.9.x through 4.9.71 does not check the relationship between pointer values and the BPF stack, which allows local users to cause a denial of service (integer overflow or invalid memory access) or possibly have unspecified other impact.
CVE-2017-5109 6 Apple, Debian, Google and 3 more 9 Macos, Debian Linux, Chrome and 6 more 2025-04-20 4.3 Medium
Inappropriate implementation of unload handler handling in permission prompts in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to display UI on a non attacker controlled tab via a crafted HTML page.
CVE-2017-5105 6 Apple, Debian, Google and 3 more 10 Macos, Debian Linux, Android and 7 more 2025-04-20 6.5 Medium
Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name.
CVE-2017-5102 6 Apple, Debian, Google and 3 more 10 Macos, Debian Linux, Android and 7 more 2025-04-20 4.3 Medium
Use of an uninitialized value in Skia in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.