CVE-2017-12954
The gig::Region::GetSampleFromWavePool function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted gig file.
Source: CVE-2017-12954
[월:] 2017년 08월
CVE-2017-12953
CVE-2017-12953
The gig::Instrument::UpdateRegionKeyTable function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service (invalid memory write and application crash) via a crafted gig file.
Source: CVE-2017-12953
CVE-2017-12952
CVE-2017-12952
The LoadString function in helper.h in libgig 4.0.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted gig file.
Source: CVE-2017-12952
CVE-2017-3735
CVE-2017-3735
While parsing an IPAdressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in an incorrect text display of the certificate. This bug has been present since 2006 and is present in all versions of OpenSSL since then.
Source: CVE-2017-3735
CVE-2017-12951
CVE-2017-12951
The gig::DimensionRegion::CreateVelocityTable function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted gig file.
Source: CVE-2017-12951
CVE-2017-12950
CVE-2017-12950
The gig::Region::Region function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted gig file.
Source: CVE-2017-12950
CVE-2017-6594
CVE-2017-6594
The transit path validation code in Heimdal before 7.3 might allow attackers to bypass the capath policy protection mechanism by leveraging failure to add the previous hop realm to the transit path of issued tickets.
Source: CVE-2017-6594
CVE-2017-9978
CVE-2017-9978
On the OSNEXUS QuantaStor v4 virtual appliance before 4.3.1, a flaw was found with the error message sent as a response for users that don’t exist on the system. An attacker could leverage this information to fine-tune and enumerate valid accounts on the system by searching for common usernames.
Source: CVE-2017-9978
CVE-2017-12924
CVE-2017-12924
CDirVector::GetTable in dirfunc.hxx in libfpx 1.3.1_p6 allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted fpx image.
Source: CVE-2017-12924
CVE-2017-9979
CVE-2017-9979
On the OSNEXUS QuantaStor v4 virtual appliance before 4.3.1, if the REST call invoked does not exist, an error will be triggered containing the invalid method previously invoked. The response sent to the user isn’t sanitized in this case. An attacker can leverage this issue by including arbitrary HTML or JavaScript code as a parameter, aka XSS.
Source: CVE-2017-9979