| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2017-1000366 |
119 |
|
Exec Code Overflow |
2017-06-19 |
2019-09-04 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made to glibc to prevent manipulation of stack and heap memory but these issues are not directly exploitable, as such they have not been given a CVE. This affects glibc 2.25 and earlier. |
|
2 |
CVE-2017-14496 |
191 |
|
DoS |
2017-10-02 |
2018-05-10 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
Integer underflow in the add_pseudoheader function in dnsmasq before 2.78 , when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service via a crafted DNS request. |
|
3 |
CVE-2017-14495 |
772 |
|
DoS |
2017-10-02 |
2019-10-02 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Memory leak in dnsmasq before 2.78, when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service (memory consumption) via vectors involving DNS response creation. |
|
4 |
CVE-2017-14494 |
200 |
|
+Info |
2017-10-02 |
2018-03-03 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
dnsmasq before 2.78, when configured as a relay, allows remote attackers to obtain sensitive memory information via vectors involving handling DHCPv6 forwarded requests. |
|
5 |
CVE-2017-14492 |
119 |
|
DoS Exec Code Overflow |
2017-10-02 |
2018-03-03 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted IPv6 router advertisement request. |
|
6 |
CVE-2017-14491 |
119 |
|
DoS Exec Code Overflow |
2017-10-03 |
2018-05-10 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response. |
|
7 |
CVE-2017-13704 |
20 |
|
|
2017-10-02 |
2018-05-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In dnsmasq before 2.78, if the DNS packet size does not match the expected size, the size parameter in a memset call gets a negative value. As it is an unsigned value, memset ends up writing up to 0xffffffff zero's (0xffffffffffffffff in 64 bit platforms), making dnsmasq crash. |
|
8 |
CVE-2017-9277 |
|
|
|
2018-03-02 |
2019-10-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
The LDAP backend in Novell eDirectory before 9.0 SP4 when switched to EBA (Enhanced Background Authentication) kept open connections without EBA. |
|
9 |
CVE-2017-9267 |
|
|
|
2018-03-02 |
2019-10-09 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
In Novell eDirectory before 9.0.3.1 the LDAP interface was not strictly enforcing cipher restrictions allowing weaker ciphers to be used during SSL BIND operations. |
|
10 |
CVE-2017-8932 |
682 |
|
|
2017-07-06 |
2019-10-02 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
A bug in the standard library ScalarMult implementation of curve P-256 for amd64 architectures in Go before 1.7.6 and 1.8.x before 1.8.2 causes incorrect results to be generated for specific input points. An adaptive attack can be mounted to progressively extract the scalar input to ScalarMult by submitting crafted points and observing failures to the derive correct output. This leads to a full key recovery attack against static ECDH, as used in popular JWT libraries. |
|
11 |
CVE-2017-7995 |
200 |
|
+Info |
2017-05-03 |
2017-05-15 |
1.7 |
None |
Local |
Low |
Single system |
Partial |
None |
None |
|
Xen PV guest before Xen 4.3 checked access permissions to MMIO ranges only after accessing them, allowing host PCI device space memory reads, leading to information disclosure. This is an error in the get_user function. NOTE: the upstream Xen Project considers versions before 4.5.x to be EOL. |
|
12 |
CVE-2017-7432 |
|
|
|
2017-05-03 |
2019-10-02 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 have a webshell upload vulnerability. |
|
13 |
CVE-2017-7431 |
352 |
|
CSRF |
2017-05-03 |
2017-05-15 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 have persistent CSRF in object management. |
|
14 |
CVE-2017-7430 |
79 |
|
XSS |
2017-05-03 |
2017-05-12 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 have a persistent XSS vulnerability in Framework. |
|
15 |
CVE-2017-5186 |
327 |
|
|
2017-04-27 |
2019-10-02 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
Novell iManager 2.7 before SP7 Patch 9, NetIQ iManager 3.x before 3.0.2.1, Novell eDirectory 8.8.x before 8.8 SP8 Patch 9 Hotfix 2, and NetIQ eDirectory 9.x before 9.0.2 Hotfix 2 (9.0.2.2) use the deprecated MD5 hashing algorithm in a communications certificate. |
|
16 |
CVE-2017-5182 |
22 |
|
Dir. Trav. |
2017-01-23 |
2017-07-25 |
7.8 |
None |
Remote |
Low |
Not required |
Complete |
None |
None |
|
Remote Manager in Open Enterprise Server (OES) allows unauthenticated remote attackers to read any arbitrary file, via a specially crafted URL, that allows complete directory traversal and total information disclosure. This vulnerability is present on all versions of OES for linux, it applies to OES2015 SP1 before Maintenance Update 11080, OES2015 before Maintenance Update 11079, OES11 SP3 before Maintenance Update 11078, OES11 SP2 before Maintenance Update 11077). |
|
17 |
CVE-2016-9961 |
189 |
|
|
2017-06-06 |
2018-10-30 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
game-music-emu before 0.6.1 mishandles unspecified integer values. |
|
18 |
CVE-2016-9960 |
369 |
|
DoS |
2017-06-06 |
2018-10-30 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
game-music-emu before 0.6.1 allows local users to cause a denial of service (divide by zero and process crash). |
|
19 |
CVE-2016-9169 |
79 |
|
XSS |
2017-03-23 |
2017-04-04 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
A reflected XSS vulnerability exists in the web console of the Document Viewer Agent in Novell GroupWise before 2014 R2 Support Pack 1 Hot Patch 2 that may enable a remote attacker to execute JavaScript in the context of a valid user's browser session by getting the user to click on a specially crafted link. This could lead to session compromise or other browser-based attacks. |
|
20 |
CVE-2016-9168 |
20 |
|
|
2017-03-23 |
2017-04-04 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
A missing X-Frame-Options header in the NDS Utility Monitor in NDSD in Novell eDirectory before 9.0.2 could be used by remote attackers for clickjacking. |
|
21 |
CVE-2016-9167 |
264 |
|
|
2017-03-23 |
2017-04-04 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
NDSD in Novell eDirectory before 9.0.2 did not calculate ACLs on LDAP objects across partition boundaries correctly, which could lead to a privilege escalation by modifying user attributes that would otherwise be filtered by an ACL. |
|
22 |
CVE-2016-9106 |
399 |
|
DoS |
2016-12-09 |
2018-12-01 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
Memory leak in the v9fs_write function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) by leveraging failure to free an IO vector. |
|
23 |
CVE-2016-7796 |
20 |
|
DoS |
2016-10-13 |
2017-07-27 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
The manager_dispatch_notify_fd function in systemd allows local users to cause a denial of service (system hang) via a zero-length message received over a notify socket, which causes an error to be returned and the notification handler to be disabled. |
|
24 |
CVE-2016-7052 |
476 |
|
DoS |
2016-09-26 |
2018-07-11 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
crypto/x509/x509_vfy.c in OpenSSL 1.0.2i allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by triggering a CRL operation. |
|
25 |
CVE-2016-6306 |
125 |
|
DoS |
2016-09-26 |
2018-07-13 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers to cause a denial of service (out-of-bounds read) via crafted certificate operations, related to s3_clnt.c and s3_srvr.c. |
|
26 |
CVE-2016-6304 |
399 |
|
DoS |
2016-09-26 |
2018-04-19 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
Multiple memory leaks in t1_lib.c in OpenSSL before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a allow remote attackers to cause a denial of service (memory consumption) via large OCSP Status Request extensions. |
|
27 |
CVE-2016-5829 |
119 |
|
DoS Overflow |
2016-06-27 |
2018-01-04 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Multiple heap-based buffer overflows in the hiddev_ioctl_usage function in drivers/hid/usbhid/hiddev.c in the Linux kernel through 4.6.3 allow local users to cause a denial of service or possibly have unspecified other impact via a crafted (1) HIDIOCGUSAGES or (2) HIDIOCSUSAGES ioctl call. |
|
28 |
CVE-2016-5828 |
20 |
|
DoS |
2016-06-27 |
2018-01-04 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
The start_thread function in arch/powerpc/kernel/process.c in the Linux kernel through 4.6.3 on powerpc platforms mishandles transactional state, which allows local users to cause a denial of service (invalid process state or TM Bad Thing exception, and system crash) or possibly have unspecified other impact by starting and suspending a transaction before an exec system call. |
|
29 |
CVE-2016-5763 |
254 |
|
|
2016-11-15 |
2016-11-28 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
None |
|
Vulnerability in Novell Open Enterprise Server (OES2015 SP1 before Scheduled Maintenance Update 10992, OES2015 before Scheduled Maintenance Update 10990, OES11 SP3 before Scheduled Maintenance Update 10991, OES11 SP2 before Scheduled Maintenance Update 10989) might allow authenticated remote attackers to perform unauthorized file access and modification. |
|
30 |
CVE-2016-5762 |
190 |
|
Exec Code Overflow |
2017-04-20 |
2019-05-30 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Integer overflow in the Post Office Agent in Novell GroupWise before 2014 R2 Service Pack 1 Hot Patch 1 might allow remote attackers to execute arbitrary code via a long (1) username or (2) password, which triggers a heap-based buffer overflow. |
|
31 |
CVE-2016-5761 |
79 |
|
XSS |
2017-04-20 |
2019-05-30 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in Novell GroupWise before 2014 R2 Service Pack 1 Hot Patch 1 allows remote attackers to inject arbitrary web script or HTML via a crafted email. |
|
32 |
CVE-2016-5760 |
79 |
|
XSS |
2017-04-20 |
2019-05-30 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in the administrator console in Novell GroupWise before 2014 R2 Service Pack 1 Hot Patch 1 allow remote attackers to inject arbitrary web script or HTML via the (1) token parameter to gwadmin-console/install/login.jsp or (2) PATH_INFO to gwadmin-console/index.jsp. |
|
33 |
CVE-2016-5759 |
20 |
|
|
2017-09-08 |
2018-10-30 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The mkdumprd script called "dracut" in the current working directory "." allows local users to trick the administrator into executing code as root. |
|
34 |
CVE-2016-5747 |
284 |
|
Bypass |
2017-03-23 |
2017-03-27 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
A security vulnerability in cookie handling in the http stack implementation in NDSD in Novell eDirectory before 9.0.1 allows remote attackers to bypass intended access restrictions by leveraging predictable cookies. |
|
35 |
CVE-2016-5118 |
284 |
|
Exec Code |
2016-06-10 |
2018-10-30 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a | (pipe) character at the start of a filename. |
|
36 |
CVE-2016-4997 |
264 |
|
DoS +Priv Mem. Corr. |
2016-07-03 |
2018-01-04 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
The compat IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE setsockopt implementations in the netfilter subsystem in the Linux kernel before 4.6.3 allow local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container root access to provide a crafted offset value that triggers an unintended decrement. |
|
37 |
CVE-2016-4957 |
20 |
|
DoS |
2016-07-04 |
2018-10-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
ntpd in NTP before 4.2.8p8 allows remote attackers to cause a denial of service (daemon crash) via a crypto-NAK packet. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-1547. |
|
38 |
CVE-2016-4956 |
19 |
|
DoS |
2016-07-04 |
2018-10-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (interleaved-mode transition and time change) via a spoofed broadcast packet. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-1548. |
|
39 |
CVE-2016-4955 |
362 |
|
DoS |
2016-07-04 |
2018-10-30 |
2.6 |
None |
Remote |
High |
Not required |
None |
None |
Partial |
|
ntpd in NTP 4.x before 4.2.8p8, when autokey is enabled, allows remote attackers to cause a denial of service (peer-variable clearing and association outage) by sending (1) a spoofed crypto-NAK packet or (2) a packet with an incorrect MAC value at a certain time. |
|
40 |
CVE-2016-4913 |
200 |
|
+Info |
2016-05-23 |
2018-10-31 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
The get_rock_ridge_filename function in fs/isofs/rock.c in the Linux kernel before 4.5.5 mishandles NM (aka alternate name) entries containing \0 characters, which allows local users to obtain sensitive information from kernel memory or possibly have unspecified other impact via a crafted isofs filesystem. |
|
41 |
CVE-2016-4805 |
416 |
|
DoS Mem. Corr. |
2016-05-23 |
2019-04-22 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Use-after-free vulnerability in drivers/net/ppp/ppp_generic.c in the Linux kernel before 4.5.2 allows local users to cause a denial of service (memory corruption and system crash, or spinlock) or possibly have unspecified other impact by removing a network namespace, related to the ppp_register_net_channel and ppp_unregister_channel functions. |
|
42 |
CVE-2016-4578 |
200 |
|
+Info |
2016-05-23 |
2018-01-04 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
sound/core/timer.c in the Linux kernel through 4.6 does not initialize certain r1 data structures, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface, related to the (1) snd_timer_user_ccallback and (2) snd_timer_user_tinterrupt functions. |
|
43 |
CVE-2016-4569 |
200 |
|
+Info |
2016-05-23 |
2018-01-04 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The snd_timer_user_params function in sound/core/timer.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface. |
|
44 |
CVE-2016-4486 |
200 |
|
+Info |
2016-05-23 |
2018-12-20 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The rtnl_fill_link_ifmap function in net/core/rtnetlink.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory by reading a Netlink message. |
|
45 |
CVE-2016-4485 |
200 |
|
+Info |
2016-05-23 |
2016-11-28 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The llc_cmsg_rcv function in net/llc/af_llc.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows attackers to obtain sensitive information from kernel stack memory by reading a message. |
|
46 |
CVE-2016-4482 |
200 |
|
+Info |
2016-05-23 |
2016-11-28 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The proc_connectinfo function in drivers/usb/core/devio.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted USBDEVFS_CONNECTINFO ioctl call. |
|
47 |
CVE-2016-4470 |
|
|
DoS |
2016-06-27 |
2019-04-22 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
The key_reject_and_link function in security/keys/key.c in the Linux kernel through 4.6.3 does not ensure that a certain data structure is initialized, which allows local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command. |
|
48 |
CVE-2016-4303 |
119 |
|
DoS Exec Code Overflow |
2016-09-26 |
2018-10-30 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The parse_string function in cjson.c in the cJSON library mishandles UTF8/16 strings, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a non-hex character in a JSON string, which triggers a heap-based buffer overflow. |
|
49 |
CVE-2016-3951 |
|
|
DoS |
2016-05-02 |
2017-08-12 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
Double free vulnerability in drivers/net/usb/cdc_ncm.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (system crash) or possibly have unspecified other impact by inserting a USB device with an invalid USB descriptor. |
|
50 |
CVE-2016-3707 |
284 |
|
Exec Code |
2016-06-27 |
2016-11-28 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
The icmp_check_sysrq function in net/ipv4/icmp.c in the kernel.org projects/rt patches for the Linux kernel, as used in the kernel-rt package before 3.10.0-327.22.1 in Red Hat Enterprise Linux for Real Time 7 and other products, allows remote attackers to execute SysRq commands via crafted ICMP Echo Request packets, as demonstrated by a brute-force attack to discover a cookie, or an attack that occurs after reading the local icmp_echo_sysrq file. |
