| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2017-1000407 |
754 |
|
DoS |
2017-12-11 |
2019-05-14 |
6.1 |
None |
Local Network |
Low |
Not required |
None |
None |
Complete |
|
The Linux Kernel 2.6.32 and later are affected by a denial of service, by flooding the diagnostic port 0x80 an exception can be triggered leading to a kernel panic. |
|
2 |
CVE-2017-1000357 |
400 |
|
DoS |
2017-04-24 |
2019-10-03 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Denial of Service attack when the switch rejects to receive packets from the controller. Component: This vulnerability affects OpenDaylight odl-l2switch-switch, which is the feature responsible for the OpenFlow communication. Version: OpenDaylight versions 3.3 (Lithium-SR3), 3.4 (Lithium-SR4), 4.0 (Beryllium), 4.1 (Beryllium-SR1), 4.2 (Beryllium-SR2), and 4.4 (Beryllium-SR4) are affected by this flaw. Java version is openjdk version 1.8.0_91. |
|
3 |
CVE-2017-1000252 |
20 |
|
DoS |
2017-09-26 |
2019-10-03 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
The KVM subsystem in the Linux kernel through 4.13.3 allows guest OS users to cause a denial of service (assertion failure, and hypervisor hang or crash) via an out-of bounds guest_irq value, related to arch/x86/kvm/vmx.c and virt/kvm/eventfd.c. |
|
4 |
CVE-2017-1000230 |
20 |
|
DoS |
2017-11-17 |
2017-12-02 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The Snap7 Server version 1.4.1 can be crashed when the ItemCount field of the ReadVar or WriteVar functions of the S7 protocol implementation in Snap7 are provided with unexpected input, thus resulting in denial of service attack. |
|
5 |
CVE-2017-1000229 |
190 |
|
DoS Exec Code Overflow |
2017-11-17 |
2019-05-06 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Integer overflow bug in function minitiff_read_info() of optipng 0.7.6 allows an attacker to remotely execute code or cause denial of service. |
|
6 |
CVE-2017-1000218 |
119 |
|
DoS Exec Code Overflow |
2017-11-17 |
2017-11-30 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
LightFTP version 1.1 is vulnerable to a buffer overflow in the "writelogentry" function resulting a denial of services or a remote code execution. |
|
7 |
CVE-2017-1000210 |
119 |
|
DoS Exec Code Overflow |
2017-11-17 |
2017-11-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
picoTCP (versions 1.7.0 - 1.5.0) is vulnerable to stack buffer overflow resulting in code execution or denial of service attack |
|
8 |
CVE-2017-1000201 |
20 |
|
DoS |
2017-11-17 |
2017-12-02 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
The tcmu-runner daemon in tcmu-runner version 1.0.5 to 1.2.0 is vulnerable to a local denial of service attack |
|
9 |
CVE-2017-1000200 |
476 |
|
DoS |
2017-11-17 |
2017-12-02 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
tcmu-runner version 1.0.5 to 1.2.0 is vulnerable to a dbus triggered NULL pointer dereference in the tcmu-runner daemon's on_unregister_handler() function resulting in denial of service |
|
10 |
CVE-2017-1000198 |
119 |
|
DoS Overflow |
2017-11-17 |
2017-12-02 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
tcmu-runner daemon version 0.9.0 to 1.2.0 is vulnerable to invalid memory references in the handler_glfs.so handler resulting in denial of service |
|
11 |
CVE-2017-1000122 |
20 |
|
DoS |
2017-11-01 |
2017-11-21 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The UNIX IPC layer in WebKit, including WebKitGTK+ prior to 2.16.3, does not properly validate certain message metadata, allowing a compromised secondary process to cause a denial of service (release assertion) of the UI process. This vulnerability does not affect Apple products. |
|
12 |
CVE-2017-1000118 |
119 |
|
DoS Overflow |
2017-10-05 |
2017-10-13 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Akka HTTP versions <= 10.0.5 Illegal Media Range in Accept Header Causes StackOverflowError Leading to Denial of Service |
|
13 |
CVE-2017-1000068 |
287 |
|
DoS |
2017-07-17 |
2020-08-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
TestTrack Server versions 1.0 and earlier are vulnerable to an authentication flaw in the split disablement feature resulting in the ability to disable arbitrary running splits and cause denial of service to clients in the field. |
|
14 |
CVE-2017-1000061 |
611 |
|
DoS |
2017-07-17 |
2021-06-14 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
None |
Partial |
|
xmlsec 1.2.23 and before is vulnerable to XML External Entity Expansion when parsing crafted input documents, resulting in possible information disclosure or denial of service |
|
15 |
CVE-2017-17975 |
416 |
|
DoS |
2017-12-30 |
2018-05-24 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
Use-after-free in the usbtv_probe function in drivers/media/usb/usbtv/usbtv-core.c in the Linux kernel through 4.14.10 allows attackers to cause a denial of service (system crash) or possibly have unspecified other impact by triggering failure of audio registration, because a kfree of the usbtv data structure occurs during a usbtv_video_free call, but the usbtv_video_fail label's code attempts to both access and free this data structure. |
|
16 |
CVE-2017-17967 |
20 |
|
DoS |
2017-12-28 |
2018-04-13 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
pptreader.dll in Kingsoft WPS Office 10.1.0.6930 allows remote attackers to cause a denial of service via a crafted PPT file, aka CNVD-2017-35482. |
|
17 |
CVE-2017-17935 |
125 |
|
DoS |
2017-12-27 |
2019-10-03 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The File_read_line function in epan/wslua/wslua_file.c in Wireshark through 2.2.11 does not properly strip '\n' characters, which allows remote attackers to cause a denial of service (buffer underflow and application crash) via a crafted packet that triggers the attempted processing of an empty line. |
|
18 |
CVE-2017-17932 |
119 |
|
DoS Exec Code Overflow |
2017-12-28 |
2019-05-10 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
A buffer overflow vulnerability exists in MediaServer.exe in ALLPlayer ALLMediaServer 0.95 and earlier that could allow remote attackers to execute arbitrary code and/or cause denial of service on the victim machine/computer via a long string to TCP port 888. |
|
19 |
CVE-2017-17914 |
834 |
|
DoS |
2017-12-27 |
2020-09-08 |
7.1 |
None |
Remote |
Medium |
Not required |
None |
None |
Complete |
|
In ImageMagick 7.0.7-16 Q16, a vulnerability was found in the function ReadOnePNGImage in coders/png.c, which allows attackers to cause a denial of service (ReadOneMNGImage large loop) via a crafted mng image file. |
|
20 |
CVE-2017-17901 |
400 |
|
DoS |
2017-12-29 |
2018-01-17 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
ZyXEL P-660HW v3 devices allow remote attackers to cause a denial of service (CPU consumption) via a flood of IP packets with a TTL of 1. |
|
21 |
CVE-2017-17887 |
772 |
|
DoS |
2017-12-27 |
2019-10-03 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
In ImageMagick 7.0.7-16 Q16, a memory leak vulnerability was found in the function GetImagePixelCache in magick/cache.c, which allows attackers to cause a denial of service via a crafted MNG image file that is processed by ReadOneMNGImage. |
|
22 |
CVE-2017-17886 |
772 |
|
DoS |
2017-12-27 |
2019-10-03 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadPSDChannelZip in coders/psd.c, which allows attackers to cause a denial of service via a crafted psd image file. |
|
23 |
CVE-2017-17885 |
772 |
|
DoS |
2017-12-27 |
2019-10-03 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadPICTImage in coders/pict.c, which allows attackers to cause a denial of service via a crafted PICT image file. |
|
24 |
CVE-2017-17884 |
772 |
|
DoS |
2017-12-27 |
2019-10-03 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
In ImageMagick 7.0.7-16 Q16, a memory leak vulnerability was found in the function WriteOnePNGImage in coders/png.c, which allows attackers to cause a denial of service via a crafted PNG image file. |
|
25 |
CVE-2017-17883 |
772 |
|
DoS |
2017-12-27 |
2019-10-03 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadPGXImage in coders/pgx.c, which allows attackers to cause a denial of service via a crafted PGX image file. |
|
26 |
CVE-2017-17882 |
772 |
|
DoS |
2017-12-27 |
2019-10-03 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadXPMImage in coders/xpm.c, which allows attackers to cause a denial of service via a crafted XPM image file. |
|
27 |
CVE-2017-17881 |
772 |
|
DoS |
2017-12-27 |
2019-10-03 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service via a crafted MAT image file. |
|
28 |
CVE-2017-17866 |
119 |
|
DoS Overflow |
2017-12-27 |
2019-03-11 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
pdf/pdf-write.c in Artifex MuPDF before 1.12.0 mishandles certain length changes when a repair operation occurs during a clean operation, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted PDF document. |
|
29 |
CVE-2017-17863 |
190 |
|
DoS Overflow |
2017-12-27 |
2018-03-16 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
kernel/bpf/verifier.c in the Linux kernel 4.9.x through 4.9.71 does not check the relationship between pointer values and the BPF stack, which allows local users to cause a denial of service (integer overflow or invalid memory access) or possibly have unspecified other impact. |
|
30 |
CVE-2017-17862 |
20 |
|
DoS |
2017-12-27 |
2018-04-07 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
kernel/bpf/verifier.c in the Linux kernel through 4.14.8 ignores unreachable code, even though it would still be processed by JIT compilers. This behavior, also considered an improper branch-pruning logic issue, could possibly be used by local users for denial of service. |
|
31 |
CVE-2017-17857 |
119 |
|
DoS Overflow Mem. Corr. |
2017-12-27 |
2023-02-07 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
The check_stack_boundary function in kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging mishandling of invalid variable stack read operations. |
|
32 |
CVE-2017-17856 |
119 |
|
DoS Overflow Mem. Corr. |
2017-12-27 |
2023-02-07 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging the lack of stack-pointer alignment enforcement. |
|
33 |
CVE-2017-17855 |
119 |
|
DoS Overflow Mem. Corr. |
2017-12-27 |
2023-02-24 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging improper use of pointers in place of scalars. |
|
34 |
CVE-2017-17854 |
190 |
|
DoS Overflow Mem. Corr. |
2017-12-27 |
2023-02-07 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (integer overflow and memory corruption) or possibly have unspecified other impact by leveraging unrestricted integer values for pointer arithmetic. |
|
35 |
CVE-2017-17853 |
119 |
|
DoS Overflow Mem. Corr. |
2017-12-27 |
2023-01-19 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging incorrect BPF_RSH signed bounds calculations. |
|
36 |
CVE-2017-17852 |
119 |
|
DoS Overflow Mem. Corr. |
2017-12-27 |
2023-01-19 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging mishandling of 32-bit ALU ops. |
|
37 |
CVE-2017-17846 |
20 |
|
DoS |
2017-12-27 |
2018-02-04 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
An issue was discovered in Enigmail before 1.9.9. Regular expressions are exploitable for Denial of Service, because of attempts to match arbitrarily long strings, aka TBE-01-003. |
|
38 |
CVE-2017-17821 |
119 |
|
DoS Overflow |
2017-12-21 |
2018-01-10 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
WTF/wtf/FastBitVector.h in WebKit, as distributed in Safari Technology Preview Release 46, allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact because it calls the FastBitVectorWordOwner::resizeSlow function (in WTF/wtf/FastBitVector.cpp) for a purpose other than initializing a bitvector size, and resizeSlow mishandles cases where the old array length is greater than the new array length. |
|
39 |
CVE-2017-17820 |
416 |
|
DoS |
2017-12-21 |
2022-08-02 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in pp_list_one_macro in asm/preproc.c that will lead to a remote denial of service attack, related to mishandling of operand-type errors. |
|
40 |
CVE-2017-17819 |
476 |
|
DoS |
2017-12-21 |
2022-08-02 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
In Netwide Assembler (NASM) 2.14rc0, there is an illegal address access in the function find_cc() in asm/preproc.c that will cause a remote denial of service attack, because pointers associated with skip_white_ calls are not validated. |
|
41 |
CVE-2017-17818 |
125 |
|
DoS |
2017-12-21 |
2019-10-03 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer over-read that will cause a remote denial of service attack, related to a while loop in paste_tokens in asm/preproc.c. |
|
42 |
CVE-2017-17817 |
416 |
|
DoS |
2017-12-21 |
2022-08-02 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in pp_verror in asm/preproc.c that will cause a remote denial of service attack. |
|
43 |
CVE-2017-17816 |
416 |
|
DoS |
2017-12-21 |
2019-03-26 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in pp_getline in asm/preproc.c that will cause a remote denial of service attack. |
|
44 |
CVE-2017-17815 |
754 |
|
DoS |
2017-12-21 |
2019-03-26 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
In Netwide Assembler (NASM) 2.14rc0, there is an illegal address access in is_mmacro() in asm/preproc.c that will cause a remote denial of service attack, because of a missing check for the relationship between minimum and maximum parameter counts. |
|
45 |
CVE-2017-17814 |
416 |
|
DoS |
2017-12-21 |
2019-03-26 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in do_directive in asm/preproc.c that will cause a remote denial of service attack. |
|
46 |
CVE-2017-17813 |
416 |
|
DoS |
2017-12-21 |
2019-03-26 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in the pp_list_one_macro function in asm/preproc.c that will cause a remote denial of service attack, related to mishandling of line-syntax errors. |
|
47 |
CVE-2017-17812 |
125 |
|
DoS |
2017-12-21 |
2019-10-03 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer over-read in the function detoken() in asm/preproc.c that will cause a remote denial of service attack. |
|
48 |
CVE-2017-17811 |
119 |
|
DoS Overflow |
2017-12-21 |
2019-03-26 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer overflow that will cause a remote denial of service attack, related to a strcpy in paste_tokens in asm/preproc.c, a similar issue to CVE-2017-11111. |
|
49 |
CVE-2017-17810 |
20 |
|
DoS |
2017-12-21 |
2019-03-26 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
In Netwide Assembler (NASM) 2.14rc0, there is a "SEGV on unknown address" that will cause a remote denial of service attack, because asm/preproc.c mishandles macro calls that have the wrong number of arguments. |
|
50 |
CVE-2017-17805 |
20 |
|
DoS |
2017-12-20 |
2023-01-19 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
The Salsa20 encryption algorithm in the Linux kernel before 4.14.8 does not correctly handle zero-length inputs, allowing a local attacker able to use the AF_ALG-based skcipher interface (CONFIG_CRYPTO_USER_API_SKCIPHER) to cause a denial of service (uninitialized-memory free and kernel crash) or have unspecified other impact by executing a crafted sequence of system calls that use the blkcipher_walk API. Both the generic implementation (crypto/salsa20_generic.c) and x86 implementation (arch/x86/crypto/salsa20_glue.c) of Salsa20 were vulnerable. |
