The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the Linux kernel version 2.6.32 and up to and including 4.13.1, are vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space.
Source: MITRE
Max CVSS
8.0
EPSS Score
0.93%
Published
2017-09-12
Updated
2023-01-19
Integer overflow bug in function minitiff_read_info() of optipng 0.7.6 allows an attacker to remotely execute code or cause denial of service.
Source: MITRE
Max CVSS
7.8
EPSS Score
0.16%
Published
2017-11-17
Updated
2019-05-06
nodejs ejs versions older than 2.5.3 is vulnerable to remote code execution due to weak input validation in ejs.renderFile() function
Source: MITRE
Max CVSS
10.0
EPSS Score
1.04%
Published
2017-11-17
Updated
2017-11-30
LightFTP version 1.1 is vulnerable to a buffer overflow in the "writelogentry" function resulting a denial of services or a remote code execution.
Source: MITRE
Max CVSS
9.8
EPSS Score
0.41%
Published
2017-11-17
Updated
2017-11-30
ROOT xrootd version 4.6.0 and below is vulnerable to an unauthenticated shell command injection resulting in remote code execution
Source: MITRE
Max CVSS
10.0
EPSS Score
3.62%
Published
2017-11-17
Updated
2019-10-03
Elixir's vim plugin, alchemist.vim is vulnerable to remote code execution in the bundled alchemist-server. A malicious website can execute requests against an ephemeral port on localhost that are then evaluated as elixir code.
Source: MITRE
Max CVSS
9.8
EPSS Score
0.47%
Published
2017-11-17
Updated
2019-10-03
ROOT version 6.9.03 and below is vulnerable to an authenticated shell metacharacter injection in the rootd daemon resulting in remote code execution
Source: MITRE
Max CVSS
9.0
EPSS Score
0.18%
Published
2017-11-17
Updated
2019-10-03
QuickerBB version <= 0.7.2 is vulnerable to arbitrary file writes which can lead to remote code execution. This can lead to the complete takeover of the server hosting QuickerBB.
Source: MITRE
Max CVSS
10.0
EPSS Score
0.44%
Published
2017-11-17
Updated
2017-12-02
Arbitrary code execution due to incomplete sandbox protection: Constructors, instance variable initializers, and instance initializers in Pipeline scripts were not subject to sandbox protection, and could therefore execute arbitrary code. This could be exploited e.g. by regular Jenkins users with the permission to configure Pipelines in Jenkins, or by trusted committers to repositories containing Jenkinsfiles.
Source: MITRE
Max CVSS
8.8
EPSS Score
0.13%
Published
2017-10-05
Updated
2019-10-03
Linux foundation ONOS 1.9.0 is vulnerable to unauthenticated upload of applications (.oar) resulting in remote code execution.
Source: MITRE
Max CVSS
9.8
EPSS Score
1.51%
Published
2017-07-17
Updated
2020-12-07
kittoframework kitto 0.5.1 is vulnerable to directory traversal in the router resulting in remote code execution
Source: MITRE
Max CVSS
7.5
EPSS Score
10.72%
Published
2017-07-17
Updated
2017-07-19
Akka versions <=2.4.16 and 2.5-M1 are vulnerable to a java deserialization attack in its Remoting component resulting in remote code execution in the context of the ActorSystem.
Source: MITRE
Max CVSS
9.3
EPSS Score
4.27%
Published
2017-07-17
Updated
2017-08-04

CVE-2017-17968

Public exploit
A buffer overflow vulnerability in NetTransport.exe in NetTransport Download Manager 2.96L and earlier could allow remote HTTP servers to execute arbitrary code on NAS devices via a long HTTP response.
Source: MITRE
Max CVSS
10.0
EPSS Score
1.40%
Published
2017-12-29
Updated
2018-01-16

CVE-2017-17932

Public exploit
A buffer overflow vulnerability exists in MediaServer.exe in ALLPlayer ALLMediaServer 0.95 and earlier that could allow remote attackers to execute arbitrary code and/or cause denial of service on the victim machine/computer via a long string to TCP port 888.
Source: MITRE
Max CVSS
10.0
EPSS Score
33.42%
Published
2017-12-28
Updated
2019-05-10
A buffer overflow vulnerability in GetGo Download Manager 5.3.0.2712 and earlier could allow remote HTTP servers to execute arbitrary code on NAS devices via a long response.
Source: MITRE
Max CVSS
10.0
EPSS Score
0.98%
Published
2017-12-27
Updated
2018-07-28
An issue was discovered in Open-iSCSI through 2.0.875. A local attacker can cause the iscsiuio server to abort or potentially execute code by sending messages with incorrect lengths, which (due to lack of checking) can lead to buffer overflows, and result in aborts (with overflow checking enabled) or code execution. The process_iscsid_broadcast function in iscsiuio/src/unix/iscsid_ipc.c does not validate the payload length before a write operation.
Source: MITRE
Max CVSS
7.8
EPSS Score
0.04%
Published
2017-12-27
Updated
2018-01-11
The raw_sendmsg() function in net/ipv4/raw.c in the Linux kernel through 4.14.6 has a race condition in inet->hdrincl that leads to uninitialized stack pointer usage; this allows a local user to execute code and gain privileges.
Source: MITRE
Max CVSS
7.0
EPSS Score
0.04%
Published
2017-12-16
Updated
2023-06-21

CVE-2017-17562

Known exploited
Public exploit
Embedthis GoAhead before 3.6.5 allows remote code execution if CGI is enabled and a CGI program is dynamically linked. This is a result of initializing the environment of forked CGI scripts using untrusted HTTP request parameters in the cgiHandler function in cgi.c. When combined with the glibc dynamic linker, this behaviour can be abused for remote code execution using special parameter names such as LD_PRELOAD. An attacker can POST their shared object payload in the body of the request, and reference it using /proc/self/fd/0.
Source: MITRE
Max CVSS
8.1
EPSS Score
97.46%
Published
2017-12-12
Updated
2018-04-20
CISA KEV Added
2021-12-10
Phabricator before 2017-11-10 does not block the --config and --debugger flags to the Mercurial hg program, which allows remote attackers to execute arbitrary code by using the web UI to browse a branch whose name begins with a --config= or --debugger= substring.
Source: MITRE
Max CVSS
8.8
EPSS Score
1.08%
Published
2017-12-11
Updated
2019-10-03
In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered in the pgxtovolume function in jp3d/convert.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution.
Source: MITRE
Max CVSS
9.8
EPSS Score
2.25%
Published
2017-12-08
Updated
2021-02-03
In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered in the pgxtoimage function in jpwl/convert.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution.
Source: MITRE
Max CVSS
9.8
EPSS Score
1.31%
Published
2017-12-08
Updated
2018-11-29

CVE-2017-17411

Public exploit
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Linksys WVBR0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web management portal. The issue lies in the lack of proper validation of user data before executing a system call. An attacker could leverage this vulnerability to execute code with root privileges. Was ZDI-CAN-4892.
Source: Zero Day Initiative
Max CVSS
10.0
EPSS Score
97.41%
Published
2017-12-21
Updated
2018-08-28
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Bitdefender Internet Security 2018. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within emulator 0x102 in cevakrnl.xmd. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code under the context of SYSTEM. Was ZDI-CAN-5116.
Source: Zero Day Initiative
Max CVSS
9.3
EPSS Score
2.47%
Published
2017-12-21
Updated
2019-10-09
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Bitdefender Internet Security 2018. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within emulator 0x10A in cevakrnl.xmd. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before writing to memory. An attacker can leverage this vulnerability to execute code under the context of SYSTEM. Was ZDI-CAN-5102.
Source: Zero Day Initiative
Max CVSS
9.3
EPSS Score
1.85%
Published
2017-12-21
Updated
2019-10-09
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Bitdefender Internet Security 2018. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within cevakrnl.xmd. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code under the context of SYSTEM. Was ZDI-CAN-5101.
Source: Zero Day Initiative
Max CVSS
9.3
EPSS Score
1.85%
Published
2017-12-21
Updated
2019-10-09
1870 vulnerabilities found
1 2 3 4 5 6 ...... 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!