CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In 2017(Overflow)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2017-1000377 119 Overflow Bypass 2017-06-19 2017-07-05
4.6
None Local Low Not required Partial Partial Partial
An issue was discovered in the size of the default stack guard page on PAX Linux (originally from GRSecurity but shipped by other Linux vendors), specifically the default stack guard page is not sufficiently large and can be "jumped" over (the stack guard page is bypassed), this affects PAX Linux Kernel versions as of June 19, 2017 (specific version information is not available at this time).
2 CVE-2017-1000376 119 Exec Code Overflow 2017-06-19 2017-07-05
6.9
None Local Medium Not required Complete Complete Complete
libffi requests an executable stack allowing attackers to more easily trigger arbitrary code execution by overwriting the stack. Please note that libffi is used by a number of other libraries. It was previously stated that this affects libffi version 3.2.1 but this appears to be incorrect. libffi prior to version 3.1 on 32 bit x86 systems was vulnerable, and upstream is believed to have fixed this issue in version 3.1.
3 CVE-2017-1000375 119 Exec Code Overflow 2017-06-19 2017-08-11
7.5
None Remote Low Not required Partial Partial Partial
NetBSD maps the run-time link-editor ld.so directly below the stack region, even if ASLR is enabled, this allows attackers to more easily manipulate memory leading to arbitrary code execution. This affects NetBSD 7.1 and possibly earlier versions.
4 CVE-2017-1000366 119 Exec Code Overflow 2017-06-19 2017-08-11
7.2
None Local Low Not required Complete Complete Complete
glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made to glibc to prevent manipulation of stack and heap memory but these issues are not directly exploitable, as such they have not been given a CVE. This affects glibc 2.25 and earlier.
5 CVE-2017-1000364 119 Overflow Bypass 2017-06-19 2017-07-06
6.2
None Local High Not required Complete Complete Complete
An issue was discovered in the size of the stack guard page on Linux, specifically a 4k stack guard page is not sufficiently large and can be "jumped" over (the stack guard page is bypassed), this affects Linux Kernel versions 4.11.5 and earlier (the stackguard page was introduced in 2010).
6 CVE-2017-1000363 787 Overflow 2017-07-17 2017-07-27
7.2
None Local Low Not required Complete Complete Complete
Linux drivers/char/lp.c Out-of-Bounds Write. Due to a missing bounds check, and the fact that parport_ptr integer is static, a 'secure boot' kernel command line adversary (can happen due to bootloader vulns, e.g. Google Nexus 6's CVE-2016-10277, where due to a vulnerability the adversary has partial control over the command line) can overflow the parport_nr array in the following code, by appending many (>LP_NO) 'lp=none' arguments to the command line.
7 CVE-2017-1000251 Exec Code Overflow 2017-09-12 2017-09-15
0.0
None ??? ??? ??? ??? ??? ???
The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the Linux kernel version 3.3-rc1 and up to and including 4.13.1, are vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space.
8 CVE-2017-1000075 119 Overflow 2017-07-17 2017-07-19
7.5
None Remote Low Not required Partial Partial Partial
Creolabs Gravity version 1.0 is vulnerable to a stack overflow in the memcmp function
9 CVE-2017-1000074 119 Overflow 2017-07-17 2017-07-19
7.5
None Remote Low Not required Partial Partial Partial
Creolabs Gravity version 1.0 is vulnerable to a stack overflow in the string_repeat() function.
10 CVE-2017-1000073 119 Exec Code Overflow 2017-07-17 2017-07-19
7.5
None Remote Low Not required Partial Partial Partial
Creolabs Gravity version 1.0 is vulnerable to a heap overflow in an undisclosed component that can result in arbitrary code execution.
11 CVE-2017-1000044 119 Overflow Mem. Corr. 2017-07-17 2017-07-19
7.5
None Remote Low Not required Partial Partial Partial
gtk-vnc 0.4.2 and older doesn't check framebuffer boundaries correctly when updating framebuffer which may lead to memory corruption when rendering
12 CVE-2017-14553 119 DoS Exec Code Overflow 2017-09-18 2017-09-19
4.6
None Local Low Not required Partial Partial Partial
STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .djvu file, related to a "User Mode Write AV starting at STDUDjVuFile!DllUnregisterServer+0x00000000000085f5."
13 CVE-2017-14552 119 DoS Exec Code Overflow 2017-09-18 2017-09-19
4.6
None Local Low Not required Partial Partial Partial
STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .djvu file, related to a "User Mode Write AV starting at STDUDjVuFile!DllUnregisterServer+0x000000000000d9a9."
14 CVE-2017-14551 119 DoS Overflow 2017-09-18 2017-09-19
4.6
None Local Low Not required Partial Partial Partial
STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .djvu file, related to "Data from Faulting Address controls Branch Selection starting at STDUDjVuFile!DllUnregisterServer+0x000000000000d9f2."
15 CVE-2017-14550 119 DoS Overflow 2017-09-18 2017-09-19
4.6
None Local Low Not required Partial Partial Partial
STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .djvu file, related to a "Possible Stack Corruption starting at STDUDjVuFile!DllUnregisterServer+0x000000000000e8b8."
16 CVE-2017-14549 119 DoS Exec Code Overflow 2017-09-18 2017-09-19
4.6
None Local Low Not required Partial Partial Partial
STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .djvu file, related to a "Heap Corruption starting at wow64!Wow64NotifyDebugger+0x000000000000001d."
17 CVE-2017-14548 119 DoS Exec Code Overflow 2017-09-18 2017-09-19
4.6
None Local Low Not required Partial Partial Partial
STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .djvu file, related to a "User Mode Write AV starting at STDUDjVuFile!DllUnregisterServer+0x000000000000854d."
18 CVE-2017-14547 119 DoS Overflow 2017-09-18 2017-09-19
4.6
None Local Low Not required Partial Partial Partial
STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .mobi file, related to a "Read Access Violation starting at STDUMOBIFile!DllUnregisterServer+0x000000000002efc0."
19 CVE-2017-14546 119 DoS Overflow 2017-09-18 2017-09-19
4.6
None Local Low Not required Partial Partial Partial
STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .epub file, related to an "Error Code (0xe06d7363) starting at wow64!Wow64NotifyDebugger+0x000000000000001d."
20 CVE-2017-14545 119 DoS Overflow 2017-09-18 2017-09-19
4.6
None Local Low Not required Partial Partial Partial
STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .epub file, related to "Data from Faulting Address controls Branch Selection starting at STDUEPubFile!DllUnregisterServer+0x0000000000010332."
21 CVE-2017-14544 119 DoS Overflow 2017-09-18 2017-09-19
4.6
None Local Low Not required Partial Partial Partial
STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .epub file, related to "Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at STDUEPubFile!DllUnregisterServer+0x000000000003fff1."
22 CVE-2017-14543 119 DoS Overflow 2017-09-18 2017-09-19
4.6
None Local Low Not required Partial Partial Partial
STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .epub file, related to "Data from Faulting Address controls Branch Selection starting at STDUEPubFile!DllUnregisterServer+0x0000000000039335."
23 CVE-2017-14542 119 DoS Exec Code Overflow 2017-09-18 2017-09-19
4.6
None Local Low Not required Partial Partial Partial
STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .epub file, related to a "Read Access Violation on Block Data Move starting at STDUEPubFile!DllUnregisterServer+0x0000000000010262."
24 CVE-2017-14515 DoS Overflow 2017-09-17 2017-09-17
0.0
None ??? ??? ??? ??? ??? ???
Heap-based Buffer Overflow on Tenda W15E devices before 15.11.0.14 allows remote attackers to cause a denial of service (temporary HTTP outage and forced logout) via unspecified vectors.
25 CVE-2017-14497 DoS Overflow Mem. Corr. 2017-09-15 2017-09-15
0.0
None ??? ??? ??? ??? ??? ???
The tpacket_rcv function in net/packet/af_packet.c in the Linux kernel before 4.13 mishandles vnet headers, which might allow local users to cause a denial of service (buffer overflow, and disk and memory corruption) or possibly have unspecified other impact via crafted system calls.
26 CVE-2017-14411 787 DoS Exec Code Overflow 2017-09-12 2017-09-18
6.8
None Remote Medium Not required Partial Partial Partial
A stack-based buffer overflow was discovered in copy_mp in interface.c in mpglibDBL, as used in MP3Gain version 1.5.2. The vulnerability causes an out-of-bounds write, which leads to remote denial of service or possibly code execution.
27 CVE-2017-14409 787 DoS Exec Code Overflow 2017-09-12 2017-09-18
6.8
None Remote Medium Not required Partial Partial Partial
A buffer overflow was discovered in III_dequantize_sample in layer3.c in mpglibDBL, as used in MP3Gain version 1.5.2. The vulnerability causes an out-of-bounds write, which leads to remote denial of service or possibly code execution.
28 CVE-2017-14348 Overflow 2017-09-12 2017-09-12
0.0
None ??? ??? ??? ??? ??? ???
LibRaw before 0.18.4 has a heap-based Buffer Overflow in the processCanonCameraInfo function via a crafted file.
29 CVE-2017-14344 Exec Code Overflow 2017-09-12 2017-09-14
0.0
None ??? ??? ??? ??? ??? ???
This vulnerability allows local attackers to escalate privileges on Jungo WinDriver 12.4.0 and earlier. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the processing of IOCTL 0x95382673 by the windrvr1240 kernel driver. The issue lies in the failure to properly validate user-supplied data which can result in a kernel pool overflow. An attacker can leverage this vulnerability to execute arbitrary code under the context of kernel.
30 CVE-2017-14343 119 Overflow 2017-09-12 2017-09-15
4.3
None Remote Medium Not required None None Partial
ImageMagick 7.0.6-6 has a memory leak vulnerability in ReadXCFImage in coders/xcf.c via a crafted xcf image file.
31 CVE-2017-14333 190 DoS Overflow 2017-09-12 2017-09-18
4.3
None Remote Medium Not required None None Partial
The process_version_sections function in readelf.c in GNU Binutils 2.29 allows attackers to cause a denial of service (Integer Overflow, and hang because of a time-consuming loop) or possibly have unspecified other impact via a crafted binary file with invalid values of ent.vn_next, during "readelf -a" execution.
32 CVE-2017-14326 119 DoS Overflow 2017-09-12 2017-09-13
4.3
None Remote Medium Not required None None Partial
In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service via a crafted file.
33 CVE-2017-14324 119 DoS Overflow 2017-09-12 2017-09-13
4.3
None Remote Medium Not required None None Partial
In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in the function ReadMPCImage in coders/mpc.c, which allows attackers to cause a denial of service via a crafted file.
34 CVE-2017-14315 Overflow +Priv Bypass 2017-09-12 2017-09-15
0.0
None ??? ??? ??? ??? ??? ???
In Apple iOS 7 through 9, due to a BlueBorne flaw in the implementation of LEAP (Low Energy Audio Protocol), a large audio command can be sent to a targeted device and lead to a heap overflow with attacker-controlled data. Since the audio commands sent via LEAP are not properly validated, an attacker can use this overflow to gain full control of the device through the relatively high privileges of the Bluetooth stack in iOS. The attack bypasses Bluetooth access control; however, the default "Bluetooth On" value must be present in Settings.
35 CVE-2017-14310 119 DoS Overflow 2017-09-11 2017-09-18
4.6
None Local Low Not required Partial Partial Partial
STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a "Read Access Violation starting at STDUJBIG2File!DllUnregisterServer+0x0000000000001869."
36 CVE-2017-14309 119 DoS Overflow 2017-09-11 2017-09-13
4.6
None Local Low Not required Partial Partial Partial
STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a "Read Access Violation starting at STDUJBIG2File!DllUnregisterServer+0x0000000000006ec8."
37 CVE-2017-14308 119 DoS Overflow 2017-09-11 2017-09-13
4.6
None Local Low Not required Partial Partial Partial
STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a "Read Access Violation starting at STDUJBIG2File!DllUnregisterServer+0x0000000000006ddd."
38 CVE-2017-14307 119 DoS Overflow 2017-09-11 2017-09-13
4.6
None Local Low Not required Partial Partial Partial
STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_77400000!TpAllocCleanupGroup+0x0000000000000402."
39 CVE-2017-14306 119 DoS Overflow 2017-09-11 2017-09-13
4.6
None Local Low Not required Partial Partial Partial
STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a "Read Access Violation starting at STDUJBIG2File!DllUnregisterServer+0x0000000000006e10."
40 CVE-2017-14305 119 DoS Overflow 2017-09-11 2017-09-13
4.6
None Local Low Not required Partial Partial Partial
STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to "Data from Faulting Address controls Branch Selection starting at STDUJBIG2File!DllUnregisterServer+0x0000000000005578."
41 CVE-2017-14304 119 DoS Overflow 2017-09-11 2017-09-13
4.6
None Local Low Not required Partial Partial Partial
STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a "Read Access Violation starting at STDUJBIG2File!DllGetClassObject+0x00000000000043e0."
42 CVE-2017-14303 119 DoS Overflow 2017-09-11 2017-09-13
4.6
None Local Low Not required Partial Partial Partial
STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a "Read Access Violation starting at STDUJBIG2File!DllGetClassObject+0x0000000000003047."
43 CVE-2017-14302 119 DoS Overflow 2017-09-11 2017-09-13
4.6
None Local Low Not required Partial Partial Partial
STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to "Data from Faulting Address controls Branch Selection starting at STDUJBIG2File!DllGetClassObject+0x00000000000064d7."
44 CVE-2017-14301 119 DoS Exec Code Overflow 2017-09-11 2017-09-13
4.6
None Local Low Not required Partial Partial Partial
STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to "Data from Faulting Address controls subsequent Write Address starting at STDUJBIG2File!DllUnregisterServer+0x00000000000076d3."
45 CVE-2017-14300 119 DoS Exec Code Overflow 2017-09-11 2017-09-13
4.6
None Local Low Not required Partial Partial Partial
STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to "Data from Faulting Address controls subsequent Write Address starting at STDUJBIG2File!DllGetClassObject+0x0000000000004479."
46 CVE-2017-14299 119 DoS Exec Code Overflow 2017-09-11 2017-09-13
4.6
None Local Low Not required Partial Partial Partial
STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to "Data from Faulting Address controls subsequent Write Address starting at STDUJBIG2File!DllGetClassObject+0x000000000000384b."
47 CVE-2017-14298 119 DoS Exec Code Overflow 2017-09-11 2017-09-13
4.6
None Local Low Not required Partial Partial Partial
STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to "Data from Faulting Address controls subsequent Write Address starting at STDUJBIG2File!DllGetClassObject+0x00000000000038e8."
48 CVE-2017-14297 119 DoS Exec Code Overflow 2017-09-11 2017-09-13
4.6
None Local Low Not required Partial Partial Partial
STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to "Data from Faulting Address controls Code Flow starting at STDUJBIG2File!DllGetClassObject+0x0000000000002f35."
49 CVE-2017-14296 119 DoS Exec Code Overflow 2017-09-11 2017-09-13
4.6
None Local Low Not required Partial Partial Partial
STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to "Data from Faulting Address controls subsequent Write Address starting at STDUJBIG2File!DllGetClassObject+0x00000000000043e6."
50 CVE-2017-14294 119 DoS Exec Code Overflow 2017-09-11 2017-09-13
4.6
None Local Low Not required Partial Partial Partial
STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "User Mode Write AV starting at STDUJBIG2File!DllUnregisterServer+0x000000000000566e."
Total number of vulnerabilities : 2038   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.