| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | CVE-2018-5381 | 400 | | DoS | 2018-02-19 | 2018-03-15 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
| The Quagga BGP daemon (bgpd) prior to version 1.2.3 has a bug in its parsing of "Capabilities" in BGP OPEN messages, in the bgp_packet.c:bgp_capability_msg_parse function. The parser can enter an infinite loop on invalid capabilities if a Multi-Protocol capability does not have a recognized AFI/SAFI, causing a denial of service. |
| 2 | CVE-2017-16612 | 190 | | Overflow | 2017-12-01 | 2018-02-05 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
| libXcursor before 1.1.15 has various integer overflows that could lead to heap buffer overflows when processing malicious cursors, e.g., with programs like GIMP. It is also possible that an attack vector exists against the related code in cursor/xcursor.c in Wayland through 1.14.0. |
| 3 | CVE-2017-16611 | 254 | | | 2017-12-01 | 2018-01-09 | 2.1 | None | Local | Low | Not required | None | None | Partial |
| In libXfont before 1.5.4 and libXfont2 before 2.0.3, a local attacker can open (but not read) files on the system as root, triggering tape rewinds, watchdogs, or similar mechanisms that can be triggered by opening files. |
| 4 | CVE-2017-15275 | 119 | | Overflow +Info | 2017-11-27 | 2018-02-03 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
| Samba before 4.7.3 might allow remote attackers to obtain sensitive information by leveraging failure of the server to clear allocated heap memory. |
| 5 | CVE-2017-15130 | 399 | | DoS | 2018-03-02 | 2018-03-21 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
| A denial of service flaw was found in dovecot before 2.2.34. An attacker able to generate random SNI server names could exploit TLS SNI configuration lookups, leading to excessive memory usage and a restart of the process. |
| 6 | CVE-2017-14746 | 416 | | Exec Code | 2017-11-27 | 2017-12-29 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
| Use-after-free vulnerability in Samba 4.x before 4.7.3 allows remote attackers to execute arbitrary code via a crafted SMB1 request. |
| 7 | CVE-2017-14496 | 191 | | DoS | 2017-10-02 | 2018-03-03 | 7.8 | None | Remote | Low | Not required | None | None | Complete |
| Integer underflow in the add_pseudoheader function in dnsmasq before 2.78, when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service via a crafted DNS request. |
| 8 | CVE-2017-14495 | 399 | | DoS | 2017-10-02 | 2018-03-03 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
| Memory leak in dnsmasq before 2.78, when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service (memory consumption) via vectors involving DNS response creation. |
| 9 | CVE-2017-14494 | 200 | | +Info | 2017-10-02 | 2018-03-03 | 4.3 | None | Remote | Medium | Not required | Partial | None | None |
| dnsmasq before 2.78, when configured as a relay, allows remote attackers to obtain sensitive memory information via vectors involving handling DHCPv6 forwarded requests. |
| 10 | CVE-2017-14493 | 119 | | DoS Exec Code Overflow | 2017-10-02 | 2018-03-03 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
| Stack-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DHCPv6 request. |
| 11 | CVE-2017-14492 | 119 | | DoS Exec Code Overflow | 2017-10-02 | 2018-03-03 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
| Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted IPv6 router advertisement request. |
| 12 | CVE-2017-14491 | 119 | | DoS Exec Code Overflow | 2017-10-03 | 2018-03-03 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
| Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response. |
| 13 | CVE-2017-14180 | 400 | | DoS +Priv | 2018-02-02 | 2018-02-15 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete |
| Apport 2.13 through 2.20.7 does not properly handle crashes originating from a PID namespace, allowing local users to create certain files as root, which an attacker could leverage to perform a denial of service via resource exhaustion or possibly gain root privileges, a different vulnerability than CVE-2017-14179. |
| 14 | CVE-2017-14179 | 400 | | DoS +Priv | 2018-02-02 | 2018-02-15 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete |
| Apport before 2.13 does not properly handle crashes originating from a PID namespace, allowing local users to create certain files as root, which an attacker could leverage to perform a denial of service via resource exhaustion, possibly gain root privileges, or escape from containers. |
| 15 | CVE-2017-14177 | 400 | | DoS +Priv | 2018-02-02 | 2018-02-15 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete |
| Apport through 2.20.7 does not properly handle core dumps from setuid binaries, allowing local users to create certain files as root, which an attacker could leverage to perform a denial of service via resource exhaustion or possibly gain root privileges. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1324. |
| 16 | CVE-2017-14176 | 77 | | Exec Code | 2017-11-27 | 2017-12-20 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete |
| Bazaar through 2.7.0, when Subprocess SSH is used, allows remote attackers to execute arbitrary commands via a bzr+ssh URL with an initial dash character in the hostname, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-12976, CVE-2017-16228, CVE-2017-1000116, and CVE-2017-1000117. |
| 17 | CVE-2017-13704 | 20 | | | 2017-10-02 | 2017-12-29 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
| In dnsmasq before 2.78, if the DNS packet size does not match the expected size, the size parameter in a memset call gets a negative value. As it is an unsigned value, memset ends up writing up to 0xffffffff zeros (0xffffffffffffffff on 64-bit platforms), making dnsmasq crash. |
| 18 | CVE-2017-13088 | 254 | | | 2017-10-17 | 2017-11-16 | 2.9 | None | Local Network | Medium | Not required | None | Partial | None |
| Wi-Fi Protected Access (WPA and WPA2) that supports 802.11v allows reinstallation of the Integrity Group Temporal Key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame, allowing an attacker within radio range to replay frames from access points to clients. |
| 19 | CVE-2017-13087 | 254 | | | 2017-10-17 | 2017-11-16 | 2.9 | None | Local Network | Medium | Not required | None | Partial | None |
| Wi-Fi Protected Access (WPA and WPA2) that supports 802.11v allows reinstallation of the Group Temporal Key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame, allowing an attacker within radio range to replay frames from access points to clients. |
| 20 | CVE-2017-13086 | 254 | | | 2017-10-17 | 2017-11-16 | 5.4 | None | Local Network | Medium | Not required | Partial | Partial | Partial |
| Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Tunneled Direct-Link Setup (TDLS) Peer Key (TPK) during the TDLS handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames. |
| 21 | CVE-2017-13084 | 254 | | | 2017-10-17 | 2017-11-11 | 5.4 | None | Local Network | Medium | Not required | Partial | Partial | Partial |
| Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Station-To-Station-Link (STSL) Transient Key (STK) during the PeerKey handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames. |
| 22 | CVE-2017-13082 | 254 | | | 2017-10-17 | 2018-01-18 | 5.8 | None | Local Network | Low | Not required | Partial | Partial | Partial |
| Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11r allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the fast BSS transition (FT) handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames. |
| 23 | CVE-2017-13081 | 254 | | | 2017-10-17 | 2018-01-18 | 2.9 | None | Local Network | Medium | Not required | None | Partial | None |
| Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the group key handshake, allowing an attacker within radio range to spoof frames from access points to clients. |
| 24 | CVE-2017-13080 | 254 | | | 2017-10-17 | 2018-02-03 | 2.9 | None | Local Network | Medium | Not required | None | Partial | None |
| Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients. |
| 25 | CVE-2017-13079 | 254 | | | 2017-10-17 | 2018-01-18 | 2.9 | None | Local Network | Medium | Not required | None | Partial | None |
| Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the four-way handshake, allowing an attacker within radio range to spoof frames from access points to clients. |
| 26 | CVE-2017-13078 | 254 | | | 2017-10-17 | 2018-01-18 | 2.9 | None | Local Network | Medium | Not required | None | Partial | None |
| Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the four-way handshake, allowing an attacker within radio range to replay frames from access points to clients. |
| 27 | CVE-2017-13077 | 254 | | | 2017-10-16 | 2018-01-18 | 5.4 | None | Local Network | Medium | Not required | Partial | Partial | Partial |
| Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the four-way handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames. |
| 28 | CVE-2017-12836 | 77 | | Exec Code | 2017-08-24 | 2017-09-25 | 5.1 | None | Remote | High | Not required | Partial | Partial | Partial |
| CVS 1.12.x, when configured to use SSH for remote repositories, might allow remote attackers to execute arbitrary code via a repository URL with a crafted hostname, as demonstrated by "-oProxyCommand=id;localhost:/bar." |
| 29 | CVE-2017-8806 | 59 | | DoS | 2017-11-13 | 2017-12-08 | 3.6 | None | Local | Low | Not required | None | Partial | Partial |
| The Debian pg_ctlcluster, pg_createcluster, and pg_upgradecluster scripts, as distributed in the Debian postgresql-common package before 181+deb9u1 for PostgreSQL (and other packages related to Debian and Ubuntu), handled symbolic links insecurely, which could result in local denial of service by overwriting arbitrary files. |
| 30 | CVE-2017-8386 | 264 | | +Priv | 2017-06-01 | 2018-01-04 | 6.5 | None | Remote | Low | Single system | Partial | Partial | Partial |
| git-shell in git before 2.4.12, 2.5.x before 2.5.6, 2.6.x before 2.6.7, 2.7.x before 2.7.5, 2.8.x before 2.8.5, 2.9.x before 2.9.4, 2.10.x before 2.10.3, 2.11.x before 2.11.2, and 2.12.x before 2.12.3 might allow remote authenticated users to gain privileges via a repository name that starts with a - (dash) character. |
| 31 | CVE-2017-7980 | 119 | | DoS Exec Code Overflow | 2017-07-25 | 2018-01-04 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial |
| Heap-based buffer overflow in Cirrus CLGD 54xx VGA Emulator in Quick Emulator (Qemu) 2.8 and earlier allows local guest OS users to execute arbitrary code or cause a denial of service (crash) via vectors related to a VNC client updating its display after a VGA operation. |
| 32 | CVE-2017-7358 | 22 | | Dir. Trav. | 2017-04-05 | 2017-08-15 | 6.9 | None | Local | Medium | Not required | Complete | Complete | Complete |
| In LightDM through 1.22.0, a directory traversal issue in debian/guest-account.sh allows local attackers to own arbitrary directory path locations and escalate privileges to root when the guest user logs out. |
| 33 | CVE-2017-6964 | 388 | | Exec Code | 2017-03-27 | 2017-11-03 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete |
| dmcrypt-get-device, as shipped in the eject package of Debian and Ubuntu, does not check the return value of the (1) setuid or (2) setgid function, which might cause dmcrypt-get-device to execute code, which was intended to run as an unprivileged user, as root. This affects eject through 2.1.5+deb1+cvs20081104-13.1 on Debian, eject before 2.1.5+deb1+cvs20081104-13.1ubuntu0.16.10.1 on Ubuntu 16.10, eject before 2.1.5+deb1+cvs20081104-13.1ubuntu0.16.04.1 on Ubuntu 16.04 LTS, eject before 2.1.5+deb1+cvs20081104-13.1ubuntu0.14.04.1 on Ubuntu 14.04 LTS, and eject before 2.1.5+deb1+cvs20081104-9ubuntu0.1 on Ubuntu 12.04 LTS. |
| 34 | CVE-2017-6590 | 284 | | Exec Code | 2017-03-09 | 2017-07-17 | 6.9 | None | Local | Medium | Not required | Complete | Complete | Complete |
| An issue was discovered in network-manager-applet (aka network-manager-gnome) in Ubuntu 12.04 LTS, 14.04 LTS, 16.04 LTS, and 16.10. A local attacker could use this issue at the default Ubuntu login screen to access local files and execute arbitrary commands as the lightdm user. The exploitation requires physical access to the locked computer and the Wi-Fi must be turned on. An access point that lets you use a certificate to login is required as well, but it's easy to create one. Then, it's possible to open a nautilus window and browse directories. One also can open some applications such as Firefox, which is useful for downloading malicious binaries. |
| 35 | CVE-2017-6362 | 415 | | DoS | 2017-09-07 | 2017-09-13 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
| Double free vulnerability in the gdImagePngPtr function in libgd2 before 2.2.5 allows remote attackers to cause a denial of service via vectors related to a palette with no colors. |
| 36 | CVE-2017-5936 | 254 | | Bypass | 2017-04-12 | 2017-04-20 | 5.0 | None | Remote | Low | Not required | None | Partial | None |
| OpenStack Nova-LXD before 13.1.1 uses the wrong name for the veth pairs when applying Neutron security group rules for instances, which allows remote attackers to bypass intended security restrictions. |
| 37 | CVE-2016-10109 | 416 | | DoS | 2017-02-23 | 2017-11-03 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
| Use-after-free vulnerability in pcsc-lite before 1.8.20 allows remote attackers to cause a denial of service (crash) via a command that uses "cardsList" after the handle has been released through the SCardReleaseContext function. |
| 38 | CVE-2016-9963 | 320 | | | 2017-02-01 | 2017-02-15 | 2.6 | None | Remote | High | Not required | Partial | None | None |
| Exim before 4.87.1 might allow remote attackers to obtain the private DKIM signing key via vectors related to log files and bounce messages. |
| 39 | CVE-2016-9775 | 264 | | +Priv | 2017-03-23 | 2017-03-31 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete |
| The postrm script in the tomcat6 package before 6.0.45+dfsg-1~deb7u3 on Debian wheezy, before 6.0.45+dfsg-1~deb8u1 on Debian jessie, before 6.0.35-1ubuntu3.9 on Ubuntu 12.04 LTS and on Ubuntu 14.04 LTS; the tomcat7 package before 7.0.28-4+deb7u7 on Debian wheezy, before 7.0.56-3+deb8u6 on Debian jessie, before 7.0.52-1ubuntu0.8 on Ubuntu 14.04 LTS, and on Ubuntu 12.04 LTS, 16.04 LTS, and 16.10; and the tomcat8 package before 8.0.14-1+deb8u5 on Debian jessie, before 8.0.32-1ubuntu1.3 on Ubuntu 16.04 LTS, before 8.0.37-1ubuntu0.1 on Ubuntu 16.10, and before 8.0.38-2ubuntu1 on Ubuntu 17.04 might allow local users with access to the tomcat account to gain root privileges via a setgid program in the Catalina directory, as demonstrated by /etc/tomcat8/Catalina/attack. |
| 40 | CVE-2016-9774 | 59 | | +Priv +Info | 2017-03-23 | 2017-03-31 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete |
| The postinst script in the tomcat6 package before 6.0.45+dfsg-1~deb7u4 on Debian wheezy, before 6.0.35-1ubuntu3.9 on Ubuntu 12.04 LTS and on Ubuntu 14.04 LTS; the tomcat7 package before 7.0.28-4+deb7u8 on Debian wheezy, before 7.0.56-3+deb8u6 on Debian jessie, before 7.0.52-1ubuntu0.8 on Ubuntu 14.04 LTS, and on Ubuntu 12.04 LTS, 16.04 LTS, and 16.10; and the tomcat8 package before 8.0.14-1+deb8u5 on Debian jessie, before 8.0.32-1ubuntu1.3 on Ubuntu 16.04 LTS, before 8.0.37-1ubuntu0.1 on Ubuntu 16.10, and before 8.0.38-2ubuntu1 on Ubuntu 17.04 might allow local users with access to the tomcat account to obtain sensitive information or gain root privileges via a symlink attack on the Catalina localhost directory. |
| 41 | CVE-2016-9243 | 20 | | | 2017-03-27 | 2017-04-04 | 5.0 | None | Remote | Low | Not required | None | Partial | None |
| HKDF in cryptography before 1.5.2 returns an empty byte-string if used with a length less than algorithm.digest_size. |
| 42 | CVE-2016-9119 | 79 | | XSS | 2017-01-30 | 2017-02-03 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
| Cross-site scripting (XSS) vulnerability in the link dialogue in GUI editor in MoinMoin before 1.9.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| 43 | CVE-2016-9014 | 264 | | | 2016-12-09 | 2017-11-03 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
| Django 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3, when settings.DEBUG is True, allows remote attackers to conduct DNS rebinding attacks by leveraging failure to validate the HTTP Host header against settings.ALLOWED_HOSTS. |
| 44 | CVE-2016-9013 | 798 | | | 2016-12-09 | 2017-11-03 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
| Django 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3 use a hardcoded password for a temporary database user created when running tests with an Oracle database, which makes it easier for remote attackers to obtain access to the database server by leveraging failure to manually specify a password in the database settings TEST dictionary. |
| 45 | CVE-2016-7795 | 20 | | DoS | 2016-10-13 | 2017-07-27 | 4.9 | None | Local | Low | Not required | None | None | Complete |
| The manager_invoke_notify_message function in systemd 231 and earlier allows local users to cause a denial of service (assertion failure and PID 1 hang) via a zero-length message received over a notify socket. |
| 46 | CVE-2016-7401 | 254 | | Bypass CSRF | 2016-10-03 | 2018-01-04 | 5.0 | None | Remote | Low | Not required | None | Partial | None |
| The cookie parsing code in Django before 1.8.15 and 1.9.x before 1.9.10, when used on a site with Google Analytics, allows remote attackers to bypass an intended CSRF protection mechanism by setting arbitrary cookies. |
| 47 | CVE-2016-7162 | 20 | | | 2016-09-26 | 2016-09-28 | 5.0 | None | Remote | Low | Not required | None | Partial | None |
| The _g_file_remove_directory function in file-utils.c in File Roller 3.5.4 through 3.20.2 allows remote attackers to delete arbitrary files via a symlink attack on a folder in an archive. |
| 48 | CVE-2016-7117 | 19 | | Exec Code | 2016-10-10 | 2018-01-04 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete |
| Use-after-free vulnerability in the __sys_recvmmsg function in net/socket.c in the Linux kernel before 4.5.2 allows remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that is mishandled during error processing. |
| 49 | CVE-2016-7045 | 119 | | DoS Overflow | 2016-09-27 | 2017-07-29 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
| The format_send_to_gui function in the format parsing code in Irssi before 0.8.20 allows remote attackers to cause a denial of service (heap corruption and crash) via vectors involving the length of a string. |
| 50 | CVE-2016-7044 | 119 | | DoS Overflow | 2016-09-27 | 2017-07-29 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
| The unformat_24bit_color function in the format parsing code in Irssi before 0.8.20, when compiled with true-color enabled, allows remote attackers to cause a denial of service (heap corruption and crash) via an incomplete 24-bit color code. |