| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2017-1000379 |
|
|
|
2017-06-19 |
2019-10-03 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
The Linux Kernel running on AMD64 systems will sometimes map the contents of PIE executable, the heap or ld.so to where the stack is mapped allowing attackers to more easily manipulate the stack. Linux Kernel version 4.11.5 is affected. |
|
2 |
CVE-2017-1000378 |
400 |
|
Exec Code |
2017-06-19 |
2019-10-03 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The NetBSD qsort() function is recursive, and not randomized, an attacker can construct a pathological input array of N elements that causes qsort() to deterministically recurse N/4 times. This allows attackers to consume arbitrary amounts of stack memory and manipulate stack memory to assist in arbitrary code execution attacks. This affects NetBSD 7.1 and possibly earlier versions. |
|
3 |
CVE-2017-1000377 |
119 |
|
Overflow Bypass |
2017-06-19 |
2017-07-05 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in the size of the default stack guard page on PAX Linux (originally from GRSecurity but shipped by other Linux vendors), specifically the default stack guard page is not sufficiently large and can be "jumped" over (the stack guard page is bypassed), this affects PAX Linux Kernel versions as of June 19, 2017 (specific version information is not available at this time). |
|
4 |
CVE-2017-1000376 |
119 |
|
Exec Code Overflow |
2017-06-19 |
2020-01-15 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
libffi requests an executable stack allowing attackers to more easily trigger arbitrary code execution by overwriting the stack. Please note that libffi is used by a number of other libraries. It was previously stated that this affects libffi version 3.2.1 but this appears to be incorrect. libffi prior to version 3.1 on 32 bit x86 systems was vulnerable, and upstream is believed to have fixed this issue in version 3.1. |
|
5 |
CVE-2017-1000375 |
119 |
|
Exec Code Overflow |
2017-06-19 |
2017-08-12 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
NetBSD maps the run-time link-editor ld.so directly below the stack region, even if ASLR is enabled, this allows attackers to more easily manipulate memory leading to arbitrary code execution. This affects NetBSD 7.1 and possibly earlier versions. |
|
6 |
CVE-2017-1000374 |
|
|
Exec Code Bypass |
2017-06-19 |
2019-10-03 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
A flaw exists in NetBSD's implementation of the stack guard page that allows attackers to bypass it resulting in arbitrary code execution using certain setuid binaries. This affects NetBSD 7.1 and possibly earlier versions. |
|
7 |
CVE-2017-1000373 |
400 |
|
Exec Code |
2017-06-19 |
2017-10-24 |
6.4 |
None |
Remote |
Low |
Not required |
None |
Partial |
Partial |
|
The OpenBSD qsort() function is recursive, and not randomized, an attacker can construct a pathological input array of N elements that causes qsort() to deterministically recurse N/4 times. This allows attackers to consume arbitrary amounts of stack memory and manipulate stack memory to assist in arbitrary code execution attacks. This affects OpenBSD 6.1 and possibly earlier versions. |
|
8 |
CVE-2017-1000372 |
|
|
Exec Code Bypass |
2017-06-19 |
2019-10-03 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
A flaw exists in OpenBSD's implementation of the stack guard page that allows attackers to bypass it resulting in arbitrary code execution using setuid binaries such as /usr/bin/at. This affects OpenBSD 6.1 and possibly earlier versions. |
|
9 |
CVE-2017-1000371 |
|
|
|
2017-06-19 |
2019-10-03 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
The offset2lib patch as used by the Linux Kernel contains a vulnerability, if RLIMIT_STACK is set to RLIM_INFINITY and 1 Gigabyte of memory is allocated (the maximum under the 1/4 restriction) then the stack will be grown down to 0x80000000, and as the PIE binary is mapped above 0x80000000 the minimum distance between the end of the PIE binary's read-write segment and the start of the stack becomes small enough that the stack guard page can be jumped over by an attacker. This affects Linux Kernel version 4.11.5. This is a different issue than CVE-2017-1000370 and CVE-2017-1000365. This issue appears to be limited to i386 based systems. |
|
10 |
CVE-2017-1000370 |
|
|
|
2017-06-19 |
2019-10-03 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
The offset2lib patch as used in the Linux Kernel contains a vulnerability that allows a PIE binary to be execve()'ed with 1GB of arguments or environmental strings then the stack occupies the address 0x80000000 and the PIE binary is mapped above 0x40000000 nullifying the protection of the offset2lib patch. This affects Linux Kernel version 4.11.5 and earlier. This is a different issue than CVE-2017-1000371. This issue appears to be limited to i386 based systems. |
|
11 |
CVE-2017-1000368 |
20 |
|
Exec Code |
2017-06-05 |
2019-05-29 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Todd Miller's sudo version 1.8.20p1 and earlier is vulnerable to an input validation (embedded newlines) in the get_process_ttyname() function resulting in information disclosure and command execution. |
|
12 |
CVE-2017-1000367 |
362 |
|
Exec Code |
2017-06-05 |
2019-10-03 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Todd Miller's sudo version 1.8.20 and earlier is vulnerable to an input validation (embedded spaces) in the get_process_ttyname() function resulting in information disclosure and command execution. |
|
13 |
CVE-2017-1000366 |
119 |
|
Exec Code Overflow |
2017-06-19 |
2020-10-15 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made to glibc to prevent manipulation of stack and heap memory but these issues are not directly exploitable, as such they have not been given a CVE. This affects glibc 2.25 and earlier. |
|
14 |
CVE-2017-1000365 |
|
|
Bypass |
2017-06-19 |
2019-10-03 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
The Linux Kernel imposes a size restriction on the arguments and environmental strings passed through RLIMIT_STACK/RLIM_INFINITY (1/4 of the size), but does not take the argument and environment pointers into account, which allows attackers to bypass this limitation. This affects Linux Kernel versions 4.11.5 and earlier. It appears that this feature was introduced in the Linux Kernel version 2.6.23. |
|
15 |
CVE-2017-1000364 |
119 |
|
Overflow Bypass |
2017-06-19 |
2018-10-18 |
6.2 |
None |
Local |
High |
Not required |
Complete |
Complete |
Complete |
|
An issue was discovered in the size of the stack guard page on Linux, specifically a 4k stack guard page is not sufficiently large and can be "jumped" over (the stack guard page is bypassed), this affects Linux Kernel versions 4.11.5 and earlier (the stackguard page was introduced in 2010). |
|
16 |
CVE-2017-10709 |
287 |
|
Bypass |
2017-06-30 |
2019-10-03 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
The lockscreen on Elephone P9000 devices (running Android 6.0) allows physically proximate attackers to bypass a wrong-PIN lockout feature by pressing backspace after each PIN guess. |
|
17 |
CVE-2017-10699 |
787 |
|
DoS Exec Code |
2017-06-30 |
2017-11-23 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
avcodec 2.2.x, as used in VideoLAN VLC media player 2.2.7-x before 2017-06-29, allows out-of-bounds heap memory write due to calling memcpy() with a wrong size, leading to a denial of service (application crash) or possibly code execution. |
|
18 |
CVE-2017-10688 |
20 |
|
DoS |
2017-06-29 |
2018-03-22 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In LibTIFF 4.0.8, there is a assertion abort in the TIFFWriteDirectoryTagCheckedLong8Array function in tif_dirwrite.c. A crafted input will lead to a remote denial of service attack. |
|
19 |
CVE-2017-10687 |
125 |
|
DoS |
2017-06-29 |
2019-10-03 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In LibSass 3.4.5, there is a heap-based buffer over-read in the function json_mkstream() in sass_context.cpp. A crafted input will lead to a remote denial of service attack. |
|
20 |
CVE-2017-10686 |
416 |
|
Exec Code |
2017-06-29 |
2019-03-28 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
In Netwide Assembler (NASM) 2.14rc0, there are multiple heap use after free vulnerabilities in the tool nasm. The related heap is allocated in the token() function and freed in the detoken() function (called by pp_getline()) - it is used again at multiple positions later that could cause multiple damages. For example, it causes a corrupted double-linked list in detoken(), a double free or corruption in delete_Token(), and an out-of-bounds write in detoken(). It has a high possibility to lead to a remote code execution attack. |
|
21 |
CVE-2017-10685 |
134 |
|
Exec Code |
2017-06-29 |
2019-10-03 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
In ncurses 6.0, there is a format string vulnerability in the fmt_entry function. A crafted input will lead to a remote arbitrary code execution attack. |
|
22 |
CVE-2017-10684 |
119 |
|
Exec Code Overflow |
2017-06-29 |
2021-06-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
In ncurses 6.0, there is a stack-based buffer overflow in the fmt_entry function. A crafted input will lead to a remote arbitrary code execution attack. |
|
23 |
CVE-2017-10683 |
125 |
|
DoS |
2017-06-29 |
2020-03-03 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In mpg123 1.25.0, there is a heap-based buffer over-read in the convert_latin1 function in libmpg123/id3.c. A crafted input will lead to a remote denial of service attack. |
|
24 |
CVE-2017-10682 |
89 |
|
Exec Code Sql |
2017-06-29 |
2017-12-20 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in the administrative backend in Piwigo through 2.9.1 allows remote users to execute arbitrary SQL commands via the cat_false or cat_true parameter in the comments or status page to cat_options.php. |
|
25 |
CVE-2017-10681 |
352 |
|
CSRF |
2017-06-29 |
2017-07-05 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Cross-site request forgery (CSRF) vulnerability in Piwigo through 2.9.1 allows remote attackers to hijack the authentication of users for requests to unlock albums via a crafted request. |
|
26 |
CVE-2017-10680 |
352 |
|
CSRF |
2017-06-29 |
2017-07-04 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Cross-site request forgery (CSRF) vulnerability in Piwigo through 2.9.1 allows remote attackers to hijack the authentication of users for requests to change a private album to public via a crafted request. |
|
27 |
CVE-2017-10679 |
200 |
|
+Info |
2017-06-29 |
2017-07-06 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Piwigo through 2.9.1 allows remote attackers to obtain sensitive information about the descriptive name of a permalink by examining the redirect URL that is returned in a request for the permalink ID number of a private album. The permalink ID numbers are easily guessed. |
|
28 |
CVE-2017-10678 |
352 |
|
CSRF |
2017-06-29 |
2017-07-06 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Cross-site request forgery (CSRF) vulnerability in Piwigo through 2.9.1 allows remote attackers to hijack the authentication of users for requests to delete permalinks via a crafted request. |
|
29 |
CVE-2017-10674 |
20 |
|
DoS |
2017-06-30 |
2017-07-06 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
Antiy Antivirus Engine 5.0.0.06281654 allows local users to cause a denial of service (BSOD) via a long third argument in a DeviceIoControl call. |
|
30 |
CVE-2017-10673 |
79 |
|
XSS |
2017-06-29 |
2019-12-12 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
admin/profile.php in GetSimple CMS 3.x has XSS in a name field. |
|
31 |
CVE-2017-10672 |
416 |
|
Exec Code |
2017-06-29 |
2020-03-03 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Use-after-free in the XML-LibXML module through 2.0129 for Perl allows remote attackers to execute arbitrary code by controlling the arguments to a replaceChild call. |
|
32 |
CVE-2017-10671 |
119 |
|
DoS Overflow |
2017-06-29 |
2017-07-03 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Heap-based Buffer Overflow in the de_dotdot function in libhttpd.c in sthttpd before 2.27.1 allows remote attackers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a crafted filename. |
|
33 |
CVE-2017-10670 |
611 |
|
|
2017-06-30 |
2017-07-06 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
An XML External Entity (XXE) issue exists in OSCI-Transport 1.2 as used in OSCI Transport Library 1.6.1 (Java) and OSCI Transport Library 1.6 (.NET), exploitable by sending a crafted standard-conforming OSCI message from within the infrastructure. |
|
34 |
CVE-2017-10669 |
347 |
|
|
2017-06-30 |
2017-07-06 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
None |
|
Signature Wrapping exists in OSCI-Transport 1.2 as used in OSCI Transport Library 1.6.1 (Java) and OSCI Transport Library 1.6 (.NET). An attacker with access to unencrypted OSCI protocol messages must send crafted protocol messages with duplicate IDs. |
|
35 |
CVE-2017-10668 |
327 |
|
|
2017-06-30 |
2019-10-03 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
A Padding Oracle exists in OSCI-Transport 1.2 as used in OSCI Transport Library 1.6.1 (Java) and OSCI Transport Library 1.6 (.NET). Under an MITM condition within the OSCI infrastructure, an attacker needs to send crafted protocol messages to analyse the CBC mode padding in order to decrypt the transport encryption. |
|
36 |
CVE-2017-10667 |
79 |
|
XSS |
2017-06-29 |
2017-07-03 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
In index.php in Zen Cart 1.6.0, the products_id parameter can cause XSS. |
|
37 |
CVE-2017-9998 |
119 |
|
DoS Overflow |
2017-06-28 |
2022-03-01 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The _dwarf_decode_s_leb128_chk function in dwarf_leb.c in libdwarf through 2017-06-28 allows remote attackers to cause a denial of service (Segmentation fault) via a crafted file. |
|
38 |
CVE-2017-9996 |
119 |
|
DoS Overflow |
2017-06-28 |
2017-07-05 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
The cdxl_decode_frame function in libavcodec/cdxl.c in FFmpeg 2.8.x before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 does not exclude the CHUNKY format, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file. |
|
39 |
CVE-2017-9995 |
119 |
|
DoS Overflow |
2017-06-28 |
2017-07-03 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
libavcodec/scpr.c in FFmpeg 3.3 before 3.3.1 does not properly validate height and width data, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file. |
|
40 |
CVE-2017-9994 |
119 |
|
DoS Overflow |
2017-06-28 |
2019-03-20 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
libavcodec/webp.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 does not ensure that pix_fmt is set, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file, related to the vp8_decode_mb_row_no_filter and pred8x8_128_dc_8_c functions. |
|
41 |
CVE-2017-9993 |
200 |
|
+Info |
2017-06-28 |
2019-03-26 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
FFmpeg before 2.8.12, 3.0.x and 3.1.x before 3.1.9, 3.2.x before 3.2.6, and 3.3.x before 3.3.2 does not properly restrict HTTP Live Streaming filename extensions and demuxer names, which allows attackers to read arbitrary files via crafted playlist data. |
|
42 |
CVE-2017-9992 |
119 |
|
DoS Overflow |
2017-06-28 |
2019-03-20 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Heap-based buffer overflow in the decode_dds1 function in libavcodec/dfa.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file. |
|
43 |
CVE-2017-9991 |
119 |
|
DoS Overflow |
2017-06-28 |
2017-07-05 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Heap-based buffer overflow in the xwd_decode_frame function in libavcodec/xwddec.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file. |
|
44 |
CVE-2017-9990 |
119 |
|
DoS Overflow |
2017-06-28 |
2017-07-05 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Stack-based buffer overflow in the color_string_to_rgba function in libavcodec/xpmdec.c in FFmpeg 3.3 before 3.3.1 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file. |
|
45 |
CVE-2017-9989 |
476 |
|
DoS |
2017-06-28 |
2019-04-26 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
util/outputtxt.c in libming 0.4.8 mishandles memory allocation. A crafted input will lead to a remote denial of service (NULL pointer dereference) attack. |
|
46 |
CVE-2017-9988 |
476 |
|
DoS |
2017-06-28 |
2019-04-26 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The readEncUInt30 function in util/read.c in libming 0.4.8 mishandles memory allocation. A crafted input will lead to a remote denial of service (NULL pointer dereference) attack against parser.c. |
|
47 |
CVE-2017-9987 |
119 |
|
DoS Overflow |
2017-06-28 |
2019-09-02 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
There is a heap-based buffer overflow in the function hpel_motion in mpegvideo_motion.c in libav 12.1. A crafted input can lead to a remote denial of service attack. |
|
48 |
CVE-2017-9986 |
125 |
|
DoS |
2017-06-28 |
2017-07-01 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
The intr function in sound/oss/msnd_pinnacle.c in the Linux kernel through 4.11.7 allows local users to cause a denial of service (over-boundary access) or possibly have unspecified other impact by changing the value of a message queue head pointer between two kernel reads of that value, aka a "double fetch" vulnerability. |
|
49 |
CVE-2017-9985 |
125 |
|
DoS |
2017-06-28 |
2018-08-24 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
The snd_msndmidi_input_read function in sound/isa/msnd/msnd_midi.c in the Linux kernel through 4.11.7 allows local users to cause a denial of service (over-boundary access) or possibly have unspecified other impact by changing the value of a message queue head pointer between two kernel reads of that value, aka a "double fetch" vulnerability. |
|
50 |
CVE-2017-9984 |
125 |
|
DoS |
2017-06-28 |
2018-08-24 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
The snd_msnd_interrupt function in sound/isa/msnd/msnd_pinnacle.c in the Linux kernel through 4.11.7 allows local users to cause a denial of service (over-boundary access) or possibly have unspecified other impact by changing the value of a message queue head pointer between two kernel reads of that value, aka a "double fetch" vulnerability. |
