|
264481
|
7.5 |
HIGH
Network
|
connect2id
|
nimbus_jose\+jwt
|
In Nimbus JOSE+JWT before 4.39, there is no integer-overflow check when converting length values from bytes to bits, which allows attackers to conduct HMAC bypass attacks by shifting Additional Authe…
|
CWE-345
Insufficient Verification of Data Authenticity
|
CVE-2017-12972
|
2024-11-21 12:10 |
2017-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264482
|
6.5 |
MEDIUM
Network
|
asn1c_project
|
asn1c
|
The asn1f_lookup_symbol_impl function in asn1fix_retrieve.c in libasn1fix.a in asn1c 0.9.28 allows remote attackers to cause a denial of service (segmentation fault) via a crafted .asn1 file.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-12966
|
2024-11-21 12:10 |
2017-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264483
|
6.5 |
MEDIUM
Network
|
gnu
|
binutils
|
The getsym function in tekhex.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (stack-based buffer…
|
CWE-125
Out-of-bounds Read
|
CVE-2017-12967
|
2024-11-21 12:10 |
2017-08-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264484
|
7.5 |
HIGH
Network
|
libsass
|
libsass
|
There is a stack consumption issue in LibSass 3.4.5 that is triggered in the function Sass::Eval::operator() in eval.cpp. It will lead to a remote denial of service attack.
|
CWE-674
Uncontrolled Recursion
|
CVE-2017-12964
|
2024-11-21 12:10 |
2017-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264485
|
7.5 |
HIGH
Network
|
libsass
|
libsass
|
There is an illegal address access in Sass::Eval::operator() in eval.cpp of LibSass 3.4.5, leading to a remote denial of service attack. NOTE: this is similar to CVE-2017-11555 but remains exploitabl…
|
CWE-125
Out-of-bounds Read
|
CVE-2017-12963
|
2024-11-21 12:10 |
2017-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264486
|
7.5 |
HIGH
Network
|
libsass
|
libsass
|
There are memory leaks in LibSass 3.4.5 triggered by deeply nested code, such as code with a long sequence of open parenthesis characters, leading to a remote denial of service attack.
|
CWE-772
Missing Release of Resource after Effective Lifetime
|
CVE-2017-12962
|
2024-11-21 12:10 |
2017-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264487
|
7.5 |
HIGH
Network
|
gnu
|
pspp
|
There is an assertion abort in the function parse_attributes() in data/sys-file-reader.c of the libpspp library in GNU PSPP before 1.0.1 that will lead to remote denial of service.
|
CWE-20
Improper Input Validation
|
CVE-2017-12961
|
2024-11-21 12:10 |
2017-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264488
|
7.5 |
HIGH
Network
|
gnu
|
pspp
|
There is a reachable assertion abort in the function dict_rename_var() in data/dictionary.c of the libpspp library in GNU PSPP before 1.0.1 that will lead to remote denial of service.
|
CWE-617
Reachable Assertion
|
CVE-2017-12960
|
2024-11-21 12:10 |
2017-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264489
|
7.5 |
HIGH
Network
|
gnu
|
pspp
|
There is a reachable assertion abort in the function dict_add_mrset() in data/dictionary.c of the libpspp library in GNU PSPP before 1.0.1 that will lead to a remote denial of service attack.
|
CWE-617
Reachable Assertion
|
CVE-2017-12959
|
2024-11-21 12:10 |
2017-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264490
|
7.5 |
HIGH
Network
|
gnu
|
pspp
|
There is an illegal address access in the function output_hex() in data/data-out.c of the libpspp library in GNU PSPP before 1.0.1 that will lead to remote denial of service.
|
CWE-125
Out-of-bounds Read
|
CVE-2017-12958
|
2024-11-21 12:10 |
2017-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
