|
256371
|
3.1 |
LOW
Network
|
connect2id
|
nimbus_jose\+jwt
|
Nimbus JOSE+JWT before 4.39 proceeds improperly after detection of an invalid HMAC in authenticated AES-CBC decryption, which allows attackers to conduct a padding oracle attack.
|
CWE-354
Improper Validation of Integrity Check Value
|
CVE-2017-12973
|
2024-11-21 12:10 |
2017-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256372
|
7.5 |
HIGH
Network
|
connect2id
|
nimbus_jose\+jwt
|
In Nimbus JOSE+JWT before 4.39, there is no integer-overflow check when converting length values from bytes to bits, which allows attackers to conduct HMAC bypass attacks by shifting Additional Authe…
|
CWE-345
Insufficient Verification of Data Authenticity
|
CVE-2017-12972
|
2024-11-21 12:10 |
2017-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256373
|
6.5 |
MEDIUM
Network
|
asn1c_project
|
asn1c
|
The asn1f_lookup_symbol_impl function in asn1fix_retrieve.c in libasn1fix.a in asn1c 0.9.28 allows remote attackers to cause a denial of service (segmentation fault) via a crafted .asn1 file.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-12966
|
2024-11-21 12:10 |
2017-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256374
|
6.5 |
MEDIUM
Network
|
gnu
|
binutils
|
The getsym function in tekhex.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (stack-based buffer…
|
CWE-125
Out-of-bounds Read
|
CVE-2017-12967
|
2024-11-21 12:10 |
2017-08-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256375
|
7.5 |
HIGH
Network
|
libsass
|
libsass
|
There is a stack consumption issue in LibSass 3.4.5 that is triggered in the function Sass::Eval::operator() in eval.cpp. It will lead to a remote denial of service attack.
|
CWE-674
Uncontrolled Recursion
|
CVE-2017-12964
|
2024-11-21 12:10 |
2017-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256376
|
7.5 |
HIGH
Network
|
libsass
|
libsass
|
There is an illegal address access in Sass::Eval::operator() in eval.cpp of LibSass 3.4.5, leading to a remote denial of service attack. NOTE: this is similar to CVE-2017-11555 but remains exploitabl…
|
CWE-125
Out-of-bounds Read
|
CVE-2017-12963
|
2024-11-21 12:10 |
2017-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256377
|
7.5 |
HIGH
Network
|
libsass
|
libsass
|
There are memory leaks in LibSass 3.4.5 triggered by deeply nested code, such as code with a long sequence of open parenthesis characters, leading to a remote denial of service attack.
|
CWE-772
Missing Release of Resource after Effective Lifetime
|
CVE-2017-12962
|
2024-11-21 12:10 |
2017-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256378
|
7.5 |
HIGH
Network
|
gnu
|
pspp
|
There is an assertion abort in the function parse_attributes() in data/sys-file-reader.c of the libpspp library in GNU PSPP before 1.0.1 that will lead to remote denial of service.
|
CWE-20
Improper Input Validation
|
CVE-2017-12961
|
2024-11-21 12:10 |
2017-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256379
|
7.5 |
HIGH
Network
|
gnu
|
pspp
|
There is a reachable assertion abort in the function dict_rename_var() in data/dictionary.c of the libpspp library in GNU PSPP before 1.0.1 that will lead to remote denial of service.
|
CWE-617
Reachable Assertion
|
CVE-2017-12960
|
2024-11-21 12:10 |
2017-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256380
|
7.5 |
HIGH
Network
|
gnu
|
pspp
|
There is a reachable assertion abort in the function dict_add_mrset() in data/dictionary.c of the libpspp library in GNU PSPP before 1.0.1 that will lead to a remote denial of service attack.
|
CWE-617
Reachable Assertion
|
CVE-2017-12959
|
2024-11-21 12:10 |
2017-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
