CVE-2017-1000378 CVSS:7.5
The NetBSD qsort() function is recursive, and not randomized, an attacker can construct a pathological input array of N elements that causes qsort() to deterministically recurse N/4 times. This allows attackers to consume arbitrary amounts of stack memory and manipulate stack memory to assist in arbitrary code execution attacks. This affects NetBSD 7.1 and possibly earlier versions. (Last Update:2017-06-29) (Publish Update:2017-06-19)
CVE-2017-1000376 CVSS:6.9
libffi requests an executable stack allowing attackers to more easily trigger arbitrary code execution by overwriting the stack. Please note that libffi is used by a number of other libraries. It was previously stated that this affects libffi version 3.2.1 but this appears to be incorrect. libffi prior to version 3.1 on 32 bit x86 systems was vulnerable, and upstream is believed to have fixed this issue in version 3.1. (Last Update:2017-11-03) (Publish Update:2017-06-19)
CVE-2017-1000375 CVSS:7.5
NetBSD maps the run-time link-editor ld.so directly below the stack region, even if ASLR is enabled, this allows attackers to more easily manipulate memory leading to arbitrary code execution. This affects NetBSD 7.1 and possibly earlier versions. (Last Update:2017-08-11) (Publish Update:2017-06-19)
CVE-2017-1000374 CVSS:7.5
A flaw exists in NetBSD's implementation of the stack guard page that allows attackers to bypass it resulting in arbitrary code execution using certain setuid binaries. This affects NetBSD 7.1 and possibly earlier versions. (Last Update:2017-06-29) (Publish Update:2017-06-19)
CVE-2017-1000373 CVSS:6.4
The OpenBSD qsort() function is recursive, and not randomized, an attacker can construct a pathological input array of N elements that causes qsort() to deterministically recurse N/4 times. This allows attackers to consume arbitrary amounts of stack memory and manipulate stack memory to assist in arbitrary code execution attacks. This affects OpenBSD 6.1 and possibly earlier versions. (Last Update:2017-10-23) (Publish Update:2017-06-19)
CVE-2017-1000372 CVSS:7.5
A flaw exists in OpenBSD's implementation of the stack guard page that allows attackers to bypass it resulting in arbitrary code execution using setuid binaries such as /usr/bin/at. This affects OpenBSD 6.1 and possibly earlier versions. (Last Update:2017-06-29) (Publish Update:2017-06-19)
CVE-2017-1000369 CVSS:2.1
Exim supports the use of multiple "-p" command line arguments which are malloc()'ed and never free()'ed, used in conjunction with other issues allows attackers to cause arbitrary code execution. This affects exim version 4.89 and earlier. Please note that at this time upstream has released a patch (commit 65e061b76867a9ea7aeeb535341b790b90ae6c21), but it is not known if a new point release is available that addresses this issue at this time. (Last Update:2017-11-03) (Publish Update:2017-06-19)
CVE-2017-1000368 CVSS:7.2
Todd Miller's sudo version 1.8.20p1 and earlier is vulnerable to an input validation (embedded newlines) in the get_process_ttyname() function resulting in information disclosure and command execution. (Last Update:2017-10-30) (Publish Update:2017-06-05)
CVE-2017-1000367 CVSS:6.9
Todd Miller's sudo version 1.8.20 and earlier is vulnerable to an input validation (embedded spaces) in the get_process_ttyname() function resulting in information disclosure and command execution. (Last Update:2017-08-12) (Publish Update:2017-06-05)
CVE-2017-1000366 CVSS:7.2
glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made to glibc to prevent manipulation of stack and heap memory but these issues are not directly exploitable, as such they have not been given a CVE. This affects glibc 2.25 and earlier. (Last Update:2017-11-03) (Publish Update:2017-06-19)
Click here for a complete list of security vulnerabilities. This vulnerability list widget is provided by www.cvedetails.com