| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2017-1000366 |
119 |
|
Exec Code Overflow |
2017-06-19 |
2018-01-04 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made to glibc to prevent manipulation of stack and heap memory but these issues are not directly exploitable, as such they have not been given a CVE. This affects glibc 2.25 and earlier. |
|
2 |
CVE-2017-14496 |
191 |
|
DoS |
2017-10-02 |
2018-05-10 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
Integer underflow in the add_pseudoheader function in dnsmasq before 2.78 , when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service via a crafted DNS request. |
|
3 |
CVE-2017-14495 |
399 |
|
DoS |
2017-10-02 |
2018-05-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Memory leak in dnsmasq before 2.78, when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service (memory consumption) via vectors involving DNS response creation. |
|
4 |
CVE-2017-14494 |
200 |
|
+Info |
2017-10-02 |
2018-03-03 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
dnsmasq before 2.78, when configured as a relay, allows remote attackers to obtain sensitive memory information via vectors involving handling DHCPv6 forwarded requests. |
|
5 |
CVE-2017-14492 |
119 |
|
DoS Exec Code Overflow |
2017-10-02 |
2018-03-03 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted IPv6 router advertisement request. |
|
6 |
CVE-2017-14491 |
119 |
|
DoS Exec Code Overflow |
2017-10-03 |
2018-05-10 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response. |
|
7 |
CVE-2017-13704 |
20 |
|
|
2017-10-02 |
2018-05-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In dnsmasq before 2.78, if the DNS packet size does not match the expected size, the size parameter in a memset call gets a negative value. As it is an unsigned value, memset ends up writing up to 0xffffffff zero's (0xffffffffffffffff in 64 bit platforms), making dnsmasq crash. |
|
8 |
CVE-2017-9277 |
19 |
|
|
2018-03-02 |
2018-03-22 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
The LDAP backend in Novell eDirectory before 9.0 SP4 when switched to EBA (Enhanced Background Authentication) kept open connections without EBA. |
|
9 |
CVE-2017-9267 |
310 |
|
|
2018-03-02 |
2018-03-19 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
In Novell eDirectory before 9.0.3.1 the LDAP interface was not strictly enforcing cipher restrictions allowing weaker ciphers to be used during SSL BIND operations. |
|
10 |
CVE-2017-8932 |
310 |
|
|
2017-07-06 |
2018-01-04 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
A bug in the standard library ScalarMult implementation of curve P-256 for amd64 architectures in Go before 1.7.6 and 1.8.x before 1.8.2 causes incorrect results to be generated for specific input points. An adaptive attack can be mounted to progressively extract the scalar input to ScalarMult by submitting crafted points and observing failures to the derive correct output. This leads to a full key recovery attack against static ECDH, as used in popular JWT libraries. |
|
11 |
CVE-2017-8386 |
264 |
|
+Priv |
2017-06-01 |
2018-01-04 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
|
git-shell in git before 2.4.12, 2.5.x before 2.5.6, 2.6.x before 2.6.7, 2.7.x before 2.7.5, 2.8.x before 2.8.5, 2.9.x before 2.9.4, 2.10.x before 2.10.3, 2.11.x before 2.11.2, and 2.12.x before 2.12.3 might allow remote authenticated users to gain privileges via a repository name that starts with a - (dash) character. |
|
12 |
CVE-2017-7995 |
200 |
|
+Info |
2017-05-03 |
2017-05-15 |
1.7 |
None |
Local |
Low |
Single system |
Partial |
None |
None |
|
Xen PV guest before Xen 4.3 checked access permissions to MMIO ranges only after accessing them, allowing host PCI device space memory reads, leading to information disclosure. This is an error in the get_user function. NOTE: the upstream Xen Project considers versions before 4.5.x to be EOL. |
|
13 |
CVE-2017-7432 |
254 |
|
|
2017-05-03 |
2017-05-15 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 have a webshell upload vulnerability. |
|
14 |
CVE-2017-7431 |
352 |
|
CSRF |
2017-05-03 |
2017-05-15 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 have persistent CSRF in object management. |
|
15 |
CVE-2017-7430 |
79 |
|
XSS |
2017-05-03 |
2017-05-12 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 have a persistent XSS vulnerability in Framework. |
|
16 |
CVE-2017-6318 |
200 |
|
+Info |
2017-03-20 |
2017-03-24 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
saned in sane-backends 1.0.25 allows remote attackers to obtain sensitive memory information via a crafted SANE_NET_CONTROL_OPTION packet. |
|
17 |
CVE-2017-5337 |
119 |
|
Overflow |
2017-03-24 |
2018-01-04 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple heap-based buffer overflows in the read_attribute function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to have unspecified impact via a crafted OpenPGP certificate. |
|
18 |
CVE-2017-5336 |
119 |
|
Overflow |
2017-03-24 |
2018-01-04 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Stack-based buffer overflow in the cdk_pk_get_keyid function in lib/opencdk/pubkey.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via a crafted OpenPGP certificate. |
|
19 |
CVE-2017-5335 |
125 |
|
DoS |
2017-03-24 |
2018-01-04 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The stream reading functions in lib/opencdk/read-packet.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to cause a denial of service (out-of-memory error and crash) via a crafted OpenPGP certificate. |
|
20 |
CVE-2017-5334 |
415 |
|
|
2017-03-24 |
2018-01-04 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Double free vulnerability in the gnutls_x509_ext_import_proxy function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via crafted policy language information in an X.509 certificate with a Proxy Certificate Information extension. |
|
21 |
CVE-2017-5186 |
310 |
|
|
2017-04-27 |
2017-05-11 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
Novell iManager 2.7 before SP7 Patch 9, NetIQ iManager 3.x before 3.0.2.1, Novell eDirectory 8.8.x before 8.8 SP8 Patch 9 Hotfix 2, and NetIQ eDirectory 9.x before 9.0.2 Hotfix 2 (9.0.2.2) use the deprecated MD5 hashing algorithm in a communications certificate. |
|
22 |
CVE-2017-5182 |
22 |
|
Dir. Trav. |
2017-01-23 |
2017-07-25 |
7.8 |
None |
Remote |
Low |
Not required |
Complete |
None |
None |
|
Remote Manager in Open Enterprise Server (OES) allows unauthenticated remote attackers to read any arbitrary file, via a specially crafted URL, that allows complete directory traversal and total information disclosure. This vulnerability is present on all versions of OES for linux, it applies to OES2015 SP1 before Maintenance Update 11080, OES2015 before Maintenance Update 11079, OES11 SP3 before Maintenance Update 11078, OES11 SP2 before Maintenance Update 11077). |
|
23 |
CVE-2016-10165 |
125 |
|
DoS +Info |
2017-02-03 |
2018-01-04 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
None |
Partial |
|
The Type_MLU_Read function in cmstypes.c in Little CMS (aka lcms2) allows remote attackers to obtain sensitive information or cause a denial of service via an image with a crafted ICC profile, which triggers an out-of-bounds heap read. |
|
24 |
CVE-2016-10070 |
125 |
|
DoS Overflow |
2017-03-03 |
2017-03-04 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
Heap-based buffer overflow in the CalcMinMax function in coders/mat.c in ImageMagick before 6.9.4-0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted mat file. |
|
25 |
CVE-2016-10065 |
284 |
|
DoS |
2017-03-03 |
2017-03-24 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
The ReadVIFFImage function in coders/viff.c in ImageMagick before 7.0.1-0 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file. |
|
26 |
CVE-2016-10064 |
119 |
|
DoS Overflow |
2017-03-02 |
2017-03-07 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in coders/tiff.c in ImageMagick before 6.9.5-1 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file. |
|
27 |
CVE-2016-9961 |
189 |
|
|
2017-06-06 |
2017-07-10 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
game-music-emu before 0.6.1 mishandles unspecified integer values. |
|
28 |
CVE-2016-9960 |
369 |
|
DoS |
2017-06-06 |
2017-07-10 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
game-music-emu before 0.6.1 allows local users to cause a denial of service (divide by zero and process crash). |
|
29 |
CVE-2016-9843 |
189 |
|
|
2017-05-23 |
2018-07-18 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation. |
|
30 |
CVE-2016-9842 |
189 |
|
|
2017-05-23 |
2018-01-04 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers. |
|
31 |
CVE-2016-9841 |
189 |
|
|
2017-05-23 |
2018-07-18 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic. |
|
32 |
CVE-2016-9840 |
189 |
|
|
2017-05-23 |
2018-01-04 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic. |
|
33 |
CVE-2016-9830 |
20 |
|
DoS |
2017-03-01 |
2017-03-02 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The MagickRealloc function in memory.c in Graphicsmagick 1.3.25 allows remote attackers to cause a denial of service (crash) via large dimensions in a jpeg image. |
|
34 |
CVE-2016-9169 |
79 |
|
XSS |
2017-03-23 |
2017-04-04 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
A reflected XSS vulnerability exists in the web console of the Document Viewer Agent in Novell GroupWise before 2014 R2 Support Pack 1 Hot Patch 2 that may enable a remote attacker to execute JavaScript in the context of a valid user's browser session by getting the user to click on a specially crafted link. This could lead to session compromise or other browser-based attacks. |
|
35 |
CVE-2016-9168 |
20 |
|
|
2017-03-23 |
2017-04-04 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
A missing X-Frame-Options header in the NDS Utility Monitor in NDSD in Novell eDirectory before 9.0.2 could be used by remote attackers for clickjacking. |
|
36 |
CVE-2016-9167 |
264 |
|
|
2017-03-23 |
2017-04-04 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
NDSD in Novell eDirectory before 9.0.2 did not calculate ACLs on LDAP objects across partition boundaries correctly, which could lead to a privilege escalation by modifying user attributes that would otherwise be filtered by an ACL. |
|
37 |
CVE-2016-9106 |
399 |
|
DoS |
2016-12-09 |
2017-01-10 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
Memory leak in the v9fs_write function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) by leveraging failure to free an IO vector. |
|
38 |
CVE-2016-8569 |
476 |
|
DoS |
2017-02-03 |
2017-02-07 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The git_oid_nfmt function in commit.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a cat-file command with a crafted object file. |
|
39 |
CVE-2016-8568 |
125 |
|
DoS |
2017-02-03 |
2017-02-07 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The git_commit_message function in oid.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a cat-file command with a crafted object file. |
|
40 |
CVE-2016-7972 |
399 |
|
DoS |
2017-03-03 |
2017-03-04 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The check_allocations function in libass/ass_shaper.c in libass before 0.13.4 allows remote attackers to cause a denial of service (memory allocation failure) via unspecified vectors. |
|
41 |
CVE-2016-7969 |
125 |
|
DoS |
2017-03-03 |
2017-03-04 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The wrap_lines_smart function in ass_render.c in libass before 0.13.4 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors, related to "0/3 line wrapping equalization." |
|
42 |
CVE-2016-7800 |
119 |
|
DoS Overflow |
2017-02-06 |
2017-03-23 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Integer underflow in the parse8BIM function in coders/meta.c in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted 8BIM chunk, which triggers a heap-based buffer overflow. |
|
43 |
CVE-2016-7796 |
20 |
|
DoS |
2016-10-13 |
2017-07-27 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
The manager_dispatch_notify_fd function in systemd allows local users to cause a denial of service (system hang) via a zero-length message received over a notify socket, which causes an error to be returned and the notification handler to be disabled. |
|
44 |
CVE-2016-7787 |
94 |
|
Exec Code |
2016-12-23 |
2016-12-27 |
4.0 |
None |
Remote |
Low |
Single system |
None |
Partial |
None |
|
A maliciously crafted command line for kdesu can result in the user only seeing part of the commands that will actually get executed as super user. |
|
45 |
CVE-2016-7449 |
125 |
|
DoS |
2017-02-06 |
2018-06-28 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The TIFFGetField function in coders/tiff.c in GraphicsMagick 1.3.24 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a file containing an "unterminated" string. |
|
46 |
CVE-2016-7448 |
399 |
|
DoS |
2017-02-06 |
2018-06-28 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
The Utah RLE reader in GraphicsMagick before 1.3.25 allows remote attackers to cause a denial of service (CPU consumption or large memory allocations) via vectors involving the header information and the file size. |
|
47 |
CVE-2016-7447 |
119 |
|
Overflow |
2017-02-06 |
2018-06-28 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Heap-based buffer overflow in the EscapeParenthesis function in GraphicsMagick before 1.3.25 allows remote attackers to have unspecified impact via unknown vectors. |
|
48 |
CVE-2016-7446 |
119 |
|
Overflow |
2017-02-06 |
2018-06-28 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in the MVG and SVG rendering code in GraphicsMagick 1.3.24 allows remote attackers to have unspecified impact via unknown vectors. Note: This vulnerability exists due to an incomplete patch for CVE-2016-2317. |
|
49 |
CVE-2016-7445 |
476 |
|
DoS |
2016-10-03 |
2017-06-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
convert.c in OpenJPEG before 2.1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors involving the variable s. |
|
50 |
CVE-2016-7141 |
287 |
|
|
2016-10-03 |
2018-01-04 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
curl and libcurl before 7.50.2, when built with NSS and the libnsspem.so library is available at runtime, allow remote attackers to hijack the authentication of a TLS connection by leveraging reuse of a previously loaded client certificate from file for a connection for which no certificate has been set, a different vulnerability than CVE-2016-5420. |
