CVE-2017-1000377 CVSS:4.6
An issue was discovered in the size of the default stack guard page on PAX Linux (originally from GRSecurity but shipped by other Linux vendors), specifically the default stack guard page is not sufficiently large and can be "jumped" over (the stack guard page is bypassed), this affects PAX Linux Kernel versions as of June 19, 2017 (specific version information is not available at this time). (Last Update:2017-07-05) (Publish Update:2017-06-19)
CVE-2017-1000374 CVSS:7.5
A flaw exists in NetBSD's implementation of the stack guard page that allows attackers to bypass it resulting in arbitrary code execution using certain setuid binaries. This affects NetBSD 7.1 and possibly earlier versions. (Last Update:2017-06-29) (Publish Update:2017-06-19)
CVE-2017-1000372 CVSS:7.5
A flaw exists in OpenBSD's implementation of the stack guard page that allows attackers to bypass it resulting in arbitrary code execution using setuid binaries such as /usr/bin/at. This affects OpenBSD 6.1 and possibly earlier versions. (Last Update:2017-06-29) (Publish Update:2017-06-19)
CVE-2017-1000365 CVSS:7.2
The Linux Kernel imposes a size restriction on the arguments and environmental strings passed through RLIMIT_STACK/RLIM_INFINITY (1/4 of the size), but does not take the argument and environment pointers into account, which allows attackers to bypass this limitation. This affects Linux Kernel versions 4.11.5 and earlier. It appears that this feature was introduced in the Linux Kernel version 2.6.23. (Last Update:2017-06-27) (Publish Update:2017-06-19)
CVE-2017-1000364 CVSS:6.2
An issue was discovered in the size of the stack guard page on Linux, specifically a 4k stack guard page is not sufficiently large and can be "jumped" over (the stack guard page is bypassed), this affects Linux Kernel versions 4.11.5 and earlier (the stackguard page was introduced in 2010). (Last Update:2017-07-06) (Publish Update:2017-06-19)
CVE-2017-1000071 CVSS:6.8
Jasig phpCAS version 1.3.4 is vulnerable to an authentication bypass in the validateCAS20 function when configured to authenticate against an old CAS server. (Last Update:2017-08-04) (Publish Update:2017-07-17)
CVE-2017-1000052 CVSS:4.6
Elixir Plug before v1.0.4, v1.1.7, v1.2.3 and v1.3.2 is vulnerable to null byte injection in the Plug.Static component, which may allow users to bypass filetype restrictions. (Last Update:2017-08-03) (Publish Update:2017-07-17)
CVE-2017-1000045 CVSS:6.8
Mautic SSO/OAuth2 plugins are vulnerable to CSRF of the state parameter resulting in authentication bypass through clickjacking (Last Update:2017-07-26) (Publish Update:2017-07-17)
CVE-2017-1000020 CVSS:10.0
SYN Flood or FIN Flood attack in ECos 1 and other versions embedded devices results in web Authentication Bypass. "eCos Embedded Web Servers used by Multiple Routers and Home devices, while sending SYN Flood or FIN Flood packets fails to validate and handle the packets and does not ask for any sign of authentication resulting in Authentication Bypass. An attacker can take complete advantage of this bug and take over the device remotely or locally. The bug has been successfully tested and reproduced in some versions of SOHO Routers manufactured by TOTOLINK, GREATEK and others." (Last Update:2017-08-15) (Publish Update:2017-07-17)
CVE-2017-1000002 CVSS:7.5
ATutor versions 2.2.1 and earlier are vulnerable to a directory traversal and file extension check bypass in the Course component resulting in code execution. ATutor versions 2.2.1 and earlier are vulnerable to a directory traversal vulnerability in the Course Icon component resulting in information disclosure. (Last Update:2017-07-27) (Publish Update:2017-07-17)
Click here for a complete list of security vulnerabilities. This vulnerability list widget is provided by www.cvedetails.com