CVE-2017-1000377 CVSS:4.6
An issue was discovered in the size of the default stack guard page on PAX Linux (originally from GRSecurity but shipped by other Linux vendors), specifically the default stack guard page is not sufficiently large and can be "jumped" over (the stack guard page is bypassed), this affects PAX Linux Kernel versions as of June 19, 2017 (specific version information is not available at this time). (Last Update:2017-07-05) (Publish Update:2017-06-19)
CVE-2017-1000376 CVSS:6.9
libffi requests an executable stack allowing attackers to more easily trigger arbitrary code execution by overwriting the stack. Please note that libffi is used by a number of other libraries. It was previously stated that this affects libffi version 3.2.1 but this appears to be incorrect. libffi prior to version 3.1 on 32 bit x86 systems was vulnerable, and upstream is believed to have fixed this issue in version 3.1. (Last Update:2017-07-05) (Publish Update:2017-06-19)
CVE-2017-1000375 CVSS:7.5
NetBSD maps the run-time link-editor ld.so directly below the stack region, even if ASLR is enabled, this allows attackers to more easily manipulate memory leading to arbitrary code execution. This affects NetBSD 7.1 and possibly earlier versions. (Last Update:2017-06-29) (Publish Update:2017-06-19)
CVE-2017-1000366 CVSS:7.2
glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made to glibc to prevent manipulation of stack and heap memory but these issues are not directly exploitable, as such they have not been given a CVE. This affects glibc 2.25 and earlier. (Last Update:2017-07-06) (Publish Update:2017-06-19)
CVE-2017-1000364 CVSS:6.2
An issue was discovered in the size of the stack guard page on Linux, specifically a 4k stack guard page is not sufficiently large and can be "jumped" over (the stack guard page is bypassed), this affects Linux Kernel versions 4.11.5 and earlier (the stackguard page was introduced in 2010). (Last Update:2017-07-06) (Publish Update:2017-06-19)
CVE-2017-1000363 CVSS:0.0
Linux drivers/char/lp.c Out-of-Bounds Write. Due to a missing bounds check, and the fact that parport_ptr integer is static, a 'secure boot' kernel command line adversary (can happen due to bootloader vulns, e.g. Google Nexus 6's CVE-2016-10277, where due to a vulnerability the adversary has partial control over the command line) can overflow the parport_nr array in the following code, by appending many (>LP_NO) 'lp=none' arguments to the command line. (Last Update:2017-07-17) (Publish Update:2017-07-17)
CVE-2017-1000075 CVSS:7.5
Creolabs Gravity version 1.0 is vulnerable to a stack overflow in the memcmp function (Last Update:2017-07-19) (Publish Update:2017-07-17)
CVE-2017-1000074 CVSS:7.5
Creolabs Gravity version 1.0 is vulnerable to a stack overflow in the string_repeat() function. (Last Update:2017-07-19) (Publish Update:2017-07-17)
CVE-2017-1000073 CVSS:7.5
Creolabs Gravity version 1.0 is vulnerable to a heap overflow in an undisclosed component that can result in arbitrary code execution. (Last Update:2017-07-19) (Publish Update:2017-07-17)
CVE-2017-1000044 CVSS:7.5
gtk-vnc 0.4.2 and older doesn't check framebuffer boundaries correctly when updating framebuffer which may lead to memory corruption when rendering (Last Update:2017-07-19) (Publish Update:2017-07-17)
Click here for a complete list of security vulnerabilities. This vulnerability list widget is provided by www.cvedetails.com