CVE List 2017

CVE Score Severity Package Description Published
CVE-2017-9986
7.8 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 In progress
CGX 2.0 Resolved
CGX 2.2 In progress
CGX 2.0 Resolved
Serious kernel The intr function in sound/oss/msnd_pinnacle.c in the Linux kernel through 4.11.7 allows local users to cause a denial of service (over-boundary access) or possibly have unspecified other impact by changing the value of a message queue head pointer between two kernel reads of that value, aka a double fetch vulnerability. June 28, 2017, 01:06 am
CVE-2017-9985
7.8 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Serious kernel The snd_msndmidi_input_read function in sound/isa/msnd/msnd_midi.c in the Linux kernel through 4.11.7 allows local users to cause a denial of service (over-boundary access) or possibly have unspecified other impact by changing the value of a message queue head pointer between two kernel reads of that value, aka a double fetch vulnerability. June 28, 2017, 01:06 am
CVE-2017-9984
7.8 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Serious kernel The snd_msnd_interrupt function in sound/isa/msnd/msnd_pinnacle.c in the Linux kernel through 4.11.7 allows local users to cause a denial of service (over-boundary access) or possibly have unspecified other impact by changing the value of a message queue head pointer between two kernel reads of that value, aka a double fetch vulnerability. June 28, 2017, 01:06 am
CVE-2017-9955
5.5 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
MVL6 Toolchain 4.4 Resolved
MVL6 Toolchain 4.3 Resolved
MVL6 Toolchain 4.3 Resolved
Normal binutils The get_build_id function in opncls.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file in which a certain size field is larger than a corresponding data field, as demonstrated by mishandling within the objdump program. June 26, 2017, 18:06 pm
CVE-2017-9954
5.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
MVL6 Toolchain 4.4 Resolved
MVL6 Toolchain 4.3 Resolved
MVL6 Toolchain 4.3 Resolved
Normal binutils The getvalue function in tekhex.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted tekhex file, as demonstrated by mishandling within the nm program. June 26, 2017, 18:06 pm
CVE-2017-9937
6.5 MV Product/Version
affected:
CGX 2.0 In progress
CGX 1.8 Resolved
CGE 7.0 In progress
CGX 2.2 In progress
Normal tiff In LibTIFF 4.0.8, there is a memory malloc failure in tif_jbig.c. A crafted TIFF document can lead to an abort resulting in a remote denial of service attack. June 26, 2017, 07:06 am
CVE-2017-9936
6.5 MV Product/Version
affected:
CGE 7.0 In progress
CGX 2.2 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
Normal tiff In LibTIFF 4.0.8, there is a memory leak in tif_jbig.c. A crafted TIFF document can lead to a memory leak resulting in a remote denial of service attack. June 26, 2017, 07:06 am
CVE-2017-9935
8.8 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 2.2 In progress
Serious tiff In LibTIFF 4.0.8, there is a heap-based buffer overflow in the t2p_write_pdf function in tools/tiff2pdf.c. This heap overflow could lead to different damages. For example, a crafted TIFF document can lead to an out-of-bounds read in TIFFCleanup, an invalid free in TIFFClose or t2p_free, memory corruption in t2p_readwrite_pdf_image, or a double free in t2p_free. Given these possibilities, it probably could cause arbitrary code execution. June 26, 2017, 07:06 am
CVE-2017-9835
7.8 MV Product/Version
affected:
CGX 2.2 In progress
CGX 2.0 Resolved
CGE 7.0 Resolved
Serious ghostscript The gs_alloc_ref_array function in psi/ialloc.c in Artifex Ghostscript 9.21 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted PostScript document. This is related to a lack of an integer overflow check in base/gsalloc.c. July 26, 2017, 14:07 pm
CVE-2017-9814
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 In progress
CGX 2.4 Resolved
CGX 2.0 In progress
CGX 1.8 Resolved
Serious cairo cairo-truetype-subset.c in cairo 1.15.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) because of mishandling of an unexpected malloc(0) call. July 17, 2017, 08:07 am
CVE-2017-9800
6.3 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 Resolved
Normal subversion A maliciously constructed svn+ssh:// URL would cause Subversion clients before 1.8.19, 1.9.x before 1.9.7, and 1.10.0.x through 1.10.0-alpha3 to run an arbitrary shell command. Such a URL could be generated by a malicious server, by a malicious user committing to an honest server (to attack another user of that server's repositories), or by a proxy server. The vulnerability affects all clients, including those that use file://, http://, and plain (untunneled) svn://. August 11, 2017, 16:08 pm
CVE-2017-9798
5.9 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.2 In progress
CGX 2.0 Resolved
Normal apache2 Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. This affects the Apache HTTP Server through 2.2.34 and 2.4.x through 2.4.27. The attacker sends an unauthenticated OPTIONS HTTP request when attempting to read secret data. This is a use-after-free issue and thus secret data is not always sent, and the specific data depends on many factors including configuration. Exploitation with .htaccess can be blocked with a patch to the ap_limit_section function in server/core.c. September 18, 2017, 10:09 am
CVE-2017-9789
6.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Normal apache2 When under stress, closing many connections, the HTTP/2 handling code in Apache httpd 2.4.26 would sometimes access memory after it has been freed, resulting in potentially erratic behaviour. July 13, 2017, 11:07 am
CVE-2017-9788
4.8 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 2.2 Resolved
Normal apache2 In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-]Authorization headers of type Digest was not initialized or reset before or between successive key=value assignments by mod_auth_digest. Providing an initial key with no = assignment could reflect the stale value of uninitialized pool memory used by the prior request, leading to leakage of potentially confidential information, and a segfault in other cases resulting in denial of service. July 13, 2017, 11:07 am
CVE-2017-9778
5.5 MV Product/Version
affected:
CGX 2.0 In progress
CGX 2.2 In progress
MVL6 Toolchain 4.4 Resolved
CGX 1.8 Resolved
CGE 7.0 In progress
Normal gdb GNU Debugger (GDB) 8.0 and earlier fails to detect a negative length field in a DWARF section. A malformed section in an ELF binary or a core file can cause GDB to repeatedly allocate memory until a process limit is reached. This can, for example, impede efforts to analyze malware with GDB. June 21, 2017, 02:06 am
CVE-2017-9766
7.5 MV Product/Version
affected:
CGX 1.8 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Serious wireshark In Wireshark 2.2.7, PROFINET IO data with a high recursion depth allows remote attackers to cause a denial of service (stack exhaustion) in the dissect_IODWriteReq function in plugins/profinet/packet-dcerpc-pn-io.c. June 21, 2017, 02:06 am
CVE-2017-9756
7.8 MV Product/Version
affected:
MVL6 Toolchain 4.4 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
MVL6 Toolchain 4.3 Resolved
MVL6 Toolchain 4.3 Resolved
Serious binutils The aarch64_ext_ldst_reglist function in opcodes/aarch64-dis.c in GNU Binutils 2.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during objdump -D execution. June 18, 2017, 23:06 pm
CVE-2017-9755
7.8 MV Product/Version
affected:
MVL6 Toolchain 4.3 Resolved
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
MVL6 Toolchain 4.4 Resolved
MVL6 Toolchain 4.3 Resolved
Serious binutils opcodes/i386-dis.c in GNU Binutils 2.28 does not consider the number of registers for bnd mode, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during objdump -D execution. June 18, 2017, 23:06 pm
CVE-2017-9754
7.8 MV Product/Version
affected:
MVL6 Toolchain 4.3 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 2.2 Resolved
MVL6 Toolchain 4.4 Resolved
MVL6 Toolchain 4.3 Resolved
Serious binutils The process_otr function in bfd/versados.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, does not validate a certain offset, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during objdump -D execution. June 18, 2017, 23:06 pm
CVE-2017-9753
7.8 MV Product/Version
affected:
MVL6 Toolchain 4.3 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
MVL6 Toolchain 4.4 Resolved
MVL6 Toolchain 4.3 Resolved
CGX 2.2 Resolved
Serious binutils The versados_mkobject function in bfd/versados.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, does not initialize a certain data structure, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during objdump -D execution. June 18, 2017, 23:06 pm
CVE-2017-9752
7.8 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
MVL6 Toolchain 4.4 Resolved
MVL6 Toolchain 4.3 Resolved
MVL6 Toolchain 4.3 Resolved
Serious binutils bfd/vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file in the _bfd_vms_get_value and _bfd_vms_slurp_etir functions during objdump -D execution. June 18, 2017, 23:06 pm
CVE-2017-9751
7.8 MV Product/Version
affected:
MVL6 Toolchain 4.3 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
MVL6 Toolchain 4.4 Resolved
MVL6 Toolchain 4.3 Resolved
Serious binutils opcodes/rl78-decode.opc in GNU Binutils 2.28 has an unbounded GETBYTE macro, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during objdump -D execution. June 18, 2017, 23:06 pm
CVE-2017-9750
7.8 MV Product/Version
affected:
MVL6 Toolchain 4.3 Resolved
MVL6 Toolchain 4.3 Resolved
MVL6 Toolchain 4.4 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 2.2 Resolved
Serious binutils opcodes/rx-decode.opc in GNU Binutils 2.28 lacks bounds checks for certain scale arrays, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during objdump -D execution. June 18, 2017, 23:06 pm
CVE-2017-9749
7.8 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
MVL6 Toolchain 4.4 Resolved
MVL6 Toolchain 4.3 Resolved
MVL6 Toolchain 4.3 Resolved
Serious binutils The *regs* macros in opcodes/bfin-dis.c in GNU Binutils 2.28 allow remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during objdump -D execution. June 18, 2017, 23:06 pm
CVE-2017-9748
7.8 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
MVL6 Toolchain 4.3 Resolved
MVL6 Toolchain 4.3 Resolved
MVL6 Toolchain 4.4 Resolved
CGX 2.2 Resolved
Serious binutils The ieee_object_p function in bfd/ieee.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, might allow remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during objdump -D execution. NOTE: this may be related to a compiler bug. June 18, 2017, 23:06 pm
CVE-2017-9747
7.8 MV Product/Version
affected:
CGX 2.2 Resolved
MVL6 Toolchain 4.3 Resolved
CGX 2.0 Resolved
MVL6 Toolchain 4.4 Resolved
MVL6 Toolchain 4.3 Resolved
CGE 7.0 Resolved
Serious binutils The ieee_archive_p function in bfd/ieee.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, might allow remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during objdump -D execution. NOTE: this may be related to a compiler bug. June 18, 2017, 23:06 pm
CVE-2017-9746
7.8 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
MVL6 Toolchain 4.4 Resolved
MVL6 Toolchain 4.3 Resolved
MVL6 Toolchain 4.3 Resolved
Serious binutils The disassemble_bytes function in objdump.c in GNU Binutils 2.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of rae insns printing for this file during objdump -D execution. June 18, 2017, 23:06 pm
CVE-2017-9745
7.8 MV Product/Version
affected:
MVL6 Toolchain 4.3 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
CGE 7.0 Resolved
MVL6 Toolchain 4.4 Resolved
MVL6 Toolchain 4.3 Resolved
Serious binutils The _bfd_vms_slurp_etir function in bfd/vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during objdump -D execution. June 18, 2017, 23:06 pm
CVE-2017-9744
7.8 MV Product/Version
affected:
MVL6 Toolchain 4.4 Resolved
CGE 7.0 Resolved
CGX 2.2 Resolved
MVL6 Toolchain 4.3 Resolved
MVL6 Toolchain 4.3 Resolved
CGX 2.0 Resolved
Serious binutils The sh_elf_set_mach_from_flags function in bfd/elf32-sh.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during objdump -D execution. June 18, 2017, 23:06 pm
CVE-2017-9743
7.8 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 In progress
CGX 2.0 In progress
MVL6 Toolchain 4.4 Resolved
MVL6 Toolchain 4.3 Resolved
MVL6 Toolchain 4.3 Resolved
Serious binutils The print_insn_score32 function in opcodes/score7-dis.c:552 in GNU Binutils 2.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during objdump -D execution. June 18, 2017, 23:06 pm
CVE-2017-9742
7.8 MV Product/Version
affected:
CGX 1.8 Resolved
CGX 2.4 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
MVL6 Toolchain 4.4 Resolved
Serious binutils The score_opcodes function in opcodes/score7-dis.c in GNU Binutils 2.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during objdump -D execution. June 18, 2017, 23:06 pm
CVE-2017-9617
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
Serious wireshark In Wireshark 2.2.7, deeply nested DAAP data may cause stack exhaustion (uncontrolled recursion) in the dissect_daap_one_tag function in epan/dissectors/packet-daap.c in the DAAP dissector. June 14, 2017, 15:06 pm
CVE-2017-9616
5.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Normal wireshark In Wireshark 2.2.7, overly deep mp4 chunks may cause stack exhaustion (uncontrolled recursion) in the dissect_mp4_box function in epan/dissectors/file-mp4.c. June 14, 2017, 15:06 pm
CVE-2017-9605
5.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
Normal kernel The vmw_gb_surface_define_ioctl function (accessible via DRM_IOCTL_VMW_GB_SURFACE_CREATE) in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.11.4 defines a backup_handle variable but does not give it an initial value. If one attempts to create a GB surface, with a previously allocated DMA buffer to be used as a backup buffer, the backup_handle variable does not get written to and is then later returned to user space, allowing local users to obtain sensitive information from uninitialized kernel memory via a crafted ioctl call. June 13, 2017, 14:06 pm
CVE-2017-9526
5.9 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 In progress
Normal libgcrypt In Libgcrypt before 1.7.7, an attacker who learns the EdDSA session key (from side-channel observation during the signing process) can easily recover the long-term secret key. 1.7.7 makes a cipher/ecc-eddsa.c change to store this session key in secure memory, to ensure that constant-time point operations are used in the MPI library. June 10, 2017, 21:06 pm
CVE-2017-9525
6.7 MV Product/Version
affected:
CGE 7.0 In progress
Normal cron In the cron package through 3.0pl1-128 on Debian, and through 3.0pl1-128ubuntu2 on Ubuntu, the postinst maintainer script allows for group-crontab-to-root privilege escalation via symlink attacks against unsafe usage of the chown and chmod programs. June 9, 2017, 11:06 am
CVE-2017-9524
7.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Serious qemu The qemu-nbd server in QEMU (aka Quick Emulator), when built with the Network Block Device (NBD) Server support, allows remote attackers to cause a denial of service (segmentation fault and server crash) by leveraging failure to ensure that all initialization occurs before talking to a client in the nbd_negotiate function. July 6, 2017, 11:07 am
CVE-2017-9503
5.5 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
Normal qemu QEMU (aka Quick Emulator), when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allows local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) via vectors involving megasas command processing. June 16, 2017, 17:06 pm
CVE-2017-9502
5.3 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Normal curl In curl before 7.54.1 on Windows and DOS, libcurl's default protocol function, which is the logic that allows an application to set which protocol libcurl should attempt to use when given a URL without a scheme part, had a flaw that could lead to it overwriting a heap based memory buffer with seven bytes. If the default protocol is specified to be FILE or a file: URL lacks two slashes, the given URL starts with a drive letter, and libcurl is built for Windows or DOS, then libcurl would copy the path 7 bytes off, so that the end of the given path would write beyond the malloc buffer (7 bytes being the length in bytes of the ascii string file://). June 14, 2017, 08:06 am
CVE-2017-9461
7.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGE 7.0 Resolved
Serious samba smbd in Samba before 4.4.10 and 4.5.x before 4.5.6 has a denial of service vulnerability (fd_open_atomic infinite loop with high CPU usage and memory consumption) due to wrongly handling dangling symlinks. June 6, 2017, 16:06 pm
CVE-2017-9445
7.5 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 Resolved
Serious systemd In systemd through 233, certain sizes passed to dns_packet_new in systemd-resolved can cause it to allocate a buffer that's too small. A malicious DNS server can exploit this via a response with a specially crafted TCP payload to trick systemd-resolved into allocating a buffer that's too small, and subsequently write arbitrary data beyond the end of it. June 28, 2017, 01:06 am
CVE-2017-9375
5.5 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGE 7.0 Resolved
Normal qemu QEMU (aka Quick Emulator), when built with USB xHCI controller emulator support, allows local guest OS privileged users to cause a denial of service (infinite recursive call) via vectors involving control transfer descriptors sequencing. June 16, 2017, 17:06 pm
CVE-2017-9374
5.5 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 2.2 Resolved
Normal qemu Memory leak in QEMU (aka Quick Emulator), when built with USB EHCI Emulation support, allows local guest OS privileged users to cause a denial of service (memory consumption) by repeatedly hot-unplugging the device. June 16, 2017, 17:06 pm
CVE-2017-9373
5.5 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
Normal qemu Memory leak in QEMU (aka Quick Emulator), when built with IDE AHCI Emulation support, allows local guest OS privileged users to cause a denial of service (memory consumption) by repeatedly hot-unplugging the AHCI device. June 16, 2017, 17:06 pm
CVE-2017-9354
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
Serious wireshark In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the RGMP dissector could crash. This was addressed in epan/dissectors/packet-rgmp.c by validating an IPv4 address. June 2, 2017, 00:06 am
CVE-2017-9353
7.5 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Serious wireshark In Wireshark 2.2.0 to 2.2.6, the IPv6 dissector could crash. This was addressed in epan/dissectors/packet-ipv6.c by validating an IPv6 address. June 2, 2017, 00:06 am
CVE-2017-9352
7.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Serious wireshark In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the Bazaar dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-bzr.c by ensuring that backwards parsing cannot occur. June 2, 2017, 00:06 am
CVE-2017-9351
7.5 MV Product/Version
affected:
CGX 1.8 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Serious wireshark In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DHCP dissector could read past the end of a buffer. This was addressed in epan/dissectors/packet-bootp.c by extracting the Vendor Class Identifier more carefully. June 2, 2017, 00:06 am
CVE-2017-9350
7.5 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGE 7.0 Resolved
CGX 1.8 Resolved
Serious wireshark In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the openSAFETY dissector could crash or exhaust system memory. This was addressed in epan/dissectors/packet-opensafety.c by checking for a negative length. June 2, 2017, 00:06 am
CVE-2017-9349
7.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Serious wireshark In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DICOM dissector has an infinite loop. This was addressed in epan/dissectors/packet-dcm.c by validating a length value. June 2, 2017, 00:06 am
CVE-2017-9348
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
Serious wireshark In Wireshark 2.2.0 to 2.2.6, the DOF dissector could read past the end of a buffer. This was addressed in epan/dissectors/packet-dof.c by validating a size value. June 2, 2017, 00:06 am
CVE-2017-9347
7.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Serious wireshark In Wireshark 2.2.0 to 2.2.6, the ROS dissector could crash with a NULL pointer dereference. This was addressed in epan/dissectors/asn1/ros/packet-ros-template.c by validating an OID. June 2, 2017, 00:06 am
CVE-2017-9346
7.5 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Serious wireshark In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the SoulSeek dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-slsk.c by making loop bounds more explicit. June 2, 2017, 00:06 am
CVE-2017-9345
7.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Serious wireshark In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DNS dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-dns.c by trying to detect self-referencing pointers. June 2, 2017, 00:06 am
CVE-2017-9344
7.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Serious wireshark In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the Bluetooth L2CAP dissector could divide by zero. This was addressed in epan/dissectors/packet-btl2cap.c by validating an interval value. June 2, 2017, 00:06 am
CVE-2017-9343
7.5 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Serious wireshark In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the MSNIP dissector misuses a NULL pointer. This was addressed in epan/dissectors/packet-msnip.c by validating an IPv4 address. June 2, 2017, 00:06 am
CVE-2017-9330
5.6 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 2.2 Resolved
Normal qemu QEMU (aka Quick Emulator) before 2.9.0, when built with the USB OHCI Emulation support, allows local guest OS users to cause a denial of service (infinite loop) by leveraging an incorrect return value, a different vulnerability than CVE-2017-6505. June 8, 2017, 11:06 am
CVE-2017-9310
5.6 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
Normal qemu QEMU (aka Quick Emulator), when built with the e1000e NIC emulation support, allows local guest OS privileged users to cause a denial of service (infinite loop) via vectors related to setting the initial receive / transmit descriptor head (TDH/RDH) outside the allocated descriptor buffer. June 8, 2017, 11:06 am
CVE-2017-9287
6.5 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 In progress
CGX 2.2 In progress
CGX 1.8 Resolved
Normal openldap servers/slapd/back-mdb/search.c in OpenLDAP through 2.4.44 is prone to a double free vulnerability. A user with access to search the directory can crash slapd by issuing a search including the Paged Results control with a page size of 0. May 29, 2017, 11:05 am
CVE-2017-9265
9.8 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
Critical openvswitch In Open vSwitch (OvS) v2.7.0, there is a buffer over-read while parsing the group mod OpenFlow message sent from the controller in `lib/ofp-util.c` in the function `ofputil_pull_ofp15_group_mod`. May 28, 2017, 23:05 pm
CVE-2017-9264
9.8 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
Critical openvswitch In lib/conntrack.c in the firewall implementation in Open vSwitch (OvS) 2.6.1, there is a buffer over-read while parsing malformed TCP, UDP, and IPv6 packets in the functions `extract_l3_ipv6`, `extract_l4_tcp`, and `extract_l4_udp` that can be triggered remotely. May 28, 2017, 23:05 pm
CVE-2017-9263
6.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
Normal openvswitch In Open vSwitch (OvS) 2.7.0, while parsing an OpenFlow role status message, there is a call to the abort() function for undefined role status reasons in the function `ofp_print_role_status_message` in `lib/ofp-print.c` that may be leveraged toward a remote DoS attack by a malicious switch. May 28, 2017, 23:05 pm
CVE-2017-9242
5.5 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 2.2 Resolved
Medium kernel The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel through 4.11.3 is too late in checking whether an overwrite of an skb data structure may occur, which allows local users to cause a denial of service (system crash) via crafted system calls. May 26, 2017, 20:05 pm
CVE-2017-9233
6.5 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGE 7.0 Resolved
Normal expat XML External Entity vulnerability in libexpat 2.2.0 and earlier (Expat XML Parser Library) allows attackers to put the parser in an infinite loop using a malformed external entity definition from an external DTD. July 25, 2017, 15:07 pm
CVE-2017-9229
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
CGE 7.0 In progress
Serious An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A SIGSEGV occurs in left_adjust_char_head() during regular expression compilation. Invalid handling of reg->dmax in forward_search_range() could result in an invalid pointer dereference, normally as an immediate denial-of-service condition. May 24, 2017, 10:05 am
CVE-2017-9228
9.8 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Critical ruby php An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write occurs in bitset_set_range() during regular expression compilation due to an uninitialized variable from an incorrect state transition. An incorrect state transition in parse_char_class() could create an execution path that leaves a critical local variable uninitialized until it's used as an index, resulting in an out-of-bounds write memory corruption. May 24, 2017, 10:05 am
CVE-2017-9227
9.8 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGE 7.0 Resolved
CGE 7.0 Resolved
Critical An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in mbc_enc_len() during regular expression searching. Invalid handling of reg->dmin in forward_search_range() could result in an invalid pointer dereference, as an out-of-bounds read from a stack buffer. May 24, 2017, 10:05 am
CVE-2017-9226
4.8 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Normal An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write or read occurs in next_state_val() during regular expression compilation. Octal numbers larger than 0xff are not handled correctly in fetch_token() and fetch_token_in_cc(). A malformed regular expression containing an octal number in the form of \700 would produce an invalid code point value larger than 0xff in next_state_val(), resulting in an out-of-bounds write memory corruption. May 24, 2017, 10:05 am
CVE-2017-9225
5.9 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGE 7.0 Resolved
Normal An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds write in onigenc_unicode_get_case_fold_codes_by_str() occurs during regular expression compilation. Code point 0xFFFFFFFF is not properly handled in unicode_unfold_key(). A malformed regular expression could result in 4 bytes being written off the end of a stack buffer of expand_case_fold_string() during the call to onigenc_unicode_get_case_fold_codes_by_str(), a typical stack buffer overflow. May 24, 2017, 10:05 am
CVE-2017-9224
4.8 MV Product/Version
affected:
Normal An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in match_at() during regular expression searching. A logical error involving order of validation and access in match_at() could result in an out-of-bounds read from a stack buffer. May 24, 2017, 10:05 am
CVE-2017-9217
7.5 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 Resolved
Serious systemd systemd-resolved through 233 allows remote attackers to cause a denial of service (daemon crash) via a crafted DNS response with an empty question section. May 24, 2017, 00:05 am
CVE-2017-9214
9.8 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
Critical openvswitch In Open vSwitch (OvS) 2.7.0, while parsing an OFPT_QUEUE_GET_CONFIG_REPLY type OFP 1.0 message, there is a buffer over-read that is caused by an unsigned integer underflow in the function `ofputil_pull_queue_get_config_reply10` in `lib/ofp-util.c`. May 23, 2017, 12:05 pm
CVE-2017-9211
5.5 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Normal kernel The crypto_skcipher_init_tfm function in crypto/skcipher.c in the Linux kernel through 4.11.2 relies on a setkey function that lacks a key-size check, which allows local users to cause a denial of service (NULL pointer dereference) via a crafted application. May 23, 2017, 00:05 am
CVE-2017-9150
5.5 MV Product/Version
affected:
CGX 2.0 In progress
CGX 2.0 In progress
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 1.8 Resolved
Normal kernel The do_check function in kernel/bpf/verifier.c in the Linux kernel before 4.11.1 does not make the allow_ptr_leaks value available for restricting the output of the print_bpf_insn function, which allows local users to obtain sensitive address information via crafted bpf system calls. May 22, 2017, 17:05 pm
CVE-2017-9119
9.8 MV Product/Version
affected:
CGE 7.0 Resolved
Critical php The i_zval_ptr_dtor function in Zend/zend_variables.h in PHP 7.1.5 allows attackers to cause a denial of service (memory consumption and application crash) or possibly have unspecified other impact by triggering crafted operations on array data structures. May 21, 2017, 14:05 pm
CVE-2017-9077
7.8 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
Serious kernel The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890. May 19, 2017, 09:05 am
CVE-2017-9076
7.8 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Serious kernel The dccp_v6_request_recv_sock function in net/dccp/ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890. May 19, 2017, 02:05 am
CVE-2017-9075
7.8 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
Serious kernel The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890. May 19, 2017, 02:05 am
CVE-2017-9074
7.8 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
High kernel The IPv6 fragmentation implementation in the Linux kernel through 4.11.1 does not consider that the nexthdr field may be associated with an invalid option, which allows local users to cause a denial of service (out-of-bounds read and BUG) or possibly have unspecified other impact via crafted socket and send system calls. May 19, 2017, 02:05 am
CVE-2017-9067
7.0 MV Product/Version
affected:
CGE 7.0 Resolved
Serious php In MODX Revolution before 2.5.7, when PHP 5.3.3 is used, an attacker is able to include and execute arbitrary files on the web server due to insufficient validation of the action parameter to setup/index.php, aka directory traversal. May 18, 2017, 11:05 am
CVE-2017-9060
5.5 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 2.2 Resolved
Normal qemu Memory leak in the virtio_gpu_set_scanout function in hw/display/virtio-gpu.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (memory consumption) via a large number of VIRTIO_GPU_CMD_SET_SCANOUT: commands. June 1, 2017, 11:06 am
CVE-2017-9059
5.5 MV Product/Version
affected:
CGX 2.0 In progress
CGX 2.0 In progress
CGX 2.2 Resolved
CGX 1.8 Resolved
CGE 7.0 In progress
Normal kernel The NFSv4 implementation in the Linux kernel through 4.11.1 allows local users to cause a denial of service (resource consumption) by leveraging improper channel callback shutdown when unmounting an NFSv4 filesystem, aka a module reference and kernel daemon leak. May 18, 2017, 01:05 am
CVE-2017-9050
7.5 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGE 7.0 Resolved
Serious libxml2 libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictAddString function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. This vulnerability exists because of an incomplete fix for CVE-2016-1839. May 18, 2017, 01:05 am
CVE-2017-9049
7.5 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 2.2 Resolved
Serious libxml2 libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictComputeFastKey function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. This vulnerability exists because of an incomplete fix for libxml2 Bug 759398. May 18, 2017, 01:05 am
CVE-2017-9048
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
Serious libxml2 libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a stack-based buffer overflow. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer buf of size size. At the end of the routine, the function may strcat two more characters without checking whether the current strlen(buf) + 2 < size. This vulnerability causes programs that use libxml2, such as PHP, to crash. May 18, 2017, 01:05 am
CVE-2017-9047
7.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Serious libxml A buffer overflow was discovered in libxml2 20904-GITv2.9.4-16-g0741801. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer buf of size size. The variable len is assigned strlen(buf). If the content->type is XML_ELEMENT_CONTENT_ELEMENT, then (i) the content->prefix is appended to buf (if it actually fits) whereupon (ii) content->name is written to the buffer. However, the check for whether the content->name actually fits also uses len rather than the updated buffer length strlen(buf). This allows us to write about size many bytes beyond the allocated memory. This vulnerability causes programs that use libxml2, such as PHP, to crash. May 18, 2017, 01:05 am
CVE-2017-9044
5.5 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
MVL6 Toolchain 4.4 Resolved
MVL6 Toolchain 4.3 Resolved
Medium binutils The print_symbol_for_build_attribute function in readelf.c in GNU Binutils 2017-04-12 allows remote attackers to cause a denial of service (invalid read and SEGV) via a crafted ELF file. May 17, 2017, 20:05 pm
CVE-2017-9043
7.8 MV Product/Version
affected:
CGX 1.8 Resolved
CGX 2.0 Resolved
MVL6 Toolchain 4.3 Resolved
MVL6 Toolchain 4.4 Resolved
CGX 2.2 Resolved
CGE 7.0 Resolved
High binutils readelf.c in GNU Binutils 2017-04-12 has a "shift exponent too large for type unsigned long" issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted ELF file. May 17, 2017, 20:05 pm
CVE-2017-9042
7.8 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
MVL6 Toolchain 4.4 Resolved
MVL6 Toolchain 4.3 Resolved
High binutils readelf.c in GNU Binutils 2017-04-12 has a "cannot be represented in type long" issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted ELF file. May 17, 2017, 20:05 pm
CVE-2017-9041
5.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
MVL6 Toolchain 4.4 Resolved
MVL6 Toolchain 4.3 Resolved
Medium binutils GNU Binutils 2.28 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to MIPS GOT mishandling in the process_mips_specific function in readelf.c. May 17, 2017, 20:05 pm
CVE-2017-9040
5.5 MV Product/Version
affected:
CGX 2.2 Resolved
MVL6 Toolchain 4.4 Resolved
CGX 1.8 Resolved
MVL6 Toolchain 4.3 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
Medium binutils GNU Binutils 2017-04-03 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash), related to the process_mips_specific function in readelf.c, via a crafted ELF file that triggers a large memory-allocation attempt. May 17, 2017, 20:05 pm
CVE-2017-9039
5.5 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
MVL6 Toolchain 4.4 Resolved
MVL6 Toolchain 4.3 Resolved
Medium binutils GNU Binutils 2.28 allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file with many program headers, related to the get_program_headers function in readelf.c. May 17, 2017, 20:05 pm
CVE-2017-9038
5.5 MV Product/Version
affected:
MVL6 Toolchain 4.4 Resolved
CGX 1.8 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
MVL6 Toolchain 4.3 Resolved
CGE 7.0 Resolved
Medium binutils GNU Binutils 2.28 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to the byte_get_little_endian function in elfcomm.c, the get_unwind_section_word function in readelf.c, and ARM unwind information that contains invalid word offsets. May 17, 2017, 20:05 pm
CVE-2017-9023
7.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Serious strongswan The ASN.1 parser in strongSwan before 5.5.3 improperly handles CHOICE types when the x509 plugin is enabled, which allows remote attackers to cause a denial of service (infinite loop) via a crafted certificate. June 8, 2017, 11:06 am
CVE-2017-9022
7.5 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.2 Resolved
Serious strongswan The gmp plugin in strongSwan before 5.5.3 does not properly validate RSA public keys before calling mpz_powm_sec, which allows remote peers to cause a denial of service (floating point exception and process crash) via a crafted certificate. June 8, 2017, 11:06 am
CVE-2017-8934
5.5 MV Product/Version
affected:
CGX 2.4 Resolved
CGX 2.2 In progress
CGX 2.0 In progress
CGX 1.8 Resolved
CGE 7.0 Resolved
Normal pcmanfm PCManFM 1.2.5 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (application unavailability). May 15, 2017, 09:05 am
CVE-2017-8932
5.9 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
Normal go A bug in the standard library ScalarMult implementation of curve P-256 for amd64 architectures in Go before 1.7.6 and 1.8.x before 1.8.2 causes incorrect results to be generated for specific input points. An adaptive attack can be mounted to progressively extract the scalar input to ScalarMult by submitting crafted points and observing failures to derive the correct output. This leads to a full key recovery attack against static ECDH, as used in popular JWT libraries. July 6, 2017, 11:07 am
CVE-2017-8925
5.5 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Normal kernel The omninet_open function in drivers/usb/serial/omninet.c in the Linux kernel before 4.10.4 allows local users to cause a denial of service (tty exhaustion) by leveraging reference count mishandling. May 12, 2017, 16:05 pm
CVE-2017-8924
4.6 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Normal kernel The edge_bulk_in_callback function in drivers/usb/serial/io_ti.c in the Linux kernel before 4.10.4 allows local users to obtain sensitive information (in the dmesg ringbuffer and syslog) from uninitialized kernel memory by using a crafted USB device (posing as an io_ti USB serial device) to trigger an integer underflow. May 12, 2017, 16:05 pm
CVE-2017-8923
9.8 MV Product/Version
affected:
CGE 7.0 Resolved
Critical php The zend_string_extend function in Zend/zend_string.h in PHP through 7.1.5 does not prevent changes to string objects that result in a negative length, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact by leveraging a script's use of .= with a long string. May 12, 2017, 15:05 pm
CVE-2017-8908
5.5 MV Product/Version
affected:
CGX 2.2 In progress
CGE 7.0 Resolved
CGX 2.0 Resolved
Normal ghostscript The mark_line_tr function in gxscanc.c in Artifex Ghostscript 9.21 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PostScript document. May 12, 2017, 02:05 am
CVE-2017-8890
9.8 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
Critical kernel The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel through 4.10.15 allows attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call. May 10, 2017, 11:05 am
CVE-2017-8872
9.1 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.4 Resolved
CGX 1.8 Resolved
CGE 7.0 In progress
Critical libxml2 The htmlParseTryOrFinish function in HTMLparser.c in libxml2 2.9.4 allows attackers to cause a denial of service (buffer over-read) or information disclosure. May 10, 2017, 00:05 am
CVE-2017-8871
5.6 MV Product/Version
affected:
CGX 2.2 In progress
CGE 7.0 In progress
Normal libcroco The cr_parser_parse_selector_core function in cr-parser.c in libcroco 0.6.12 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted CSS file. June 12, 2017, 01:06 am
CVE-2017-8834
6.5 MV Product/Version
affected:
CGE 7.0 In progress
CGX 2.2 In progress
Normal libcroco The cr_tknzr_parse_comment function in cr-tknzr.c in libcroco 0.6.12 allows remote attackers to cause a denial of service (memory allocation error) via a crafted CSS file. June 12, 2017, 01:06 am
CVE-2017-8831
7.8 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
Serious kernel The saa7164_bus_get function in drivers/media/pci/saa7164/saa7164-bus.c in the Linux kernel through 4.11.5 allows local users to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact by changing a certain sequence-number value, aka a double fetch vulnerability. May 8, 2017, 01:05 am
CVE-2017-8824
7.8 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.2 In progress
CGX 2.0 Resolved
CGX 2.0 Resolved
Serious kernel The dccp_disconnect function in net/dccp/proto.c in the Linux kernel through 4.14.3 allows local users to gain privileges or cause a denial of service (use-after-free) via an AF_UNSPEC connect system call during the DCCP_LISTEN state. December 5, 2017, 03:12 am
CVE-2017-8818
7.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGE 7.0 Resolved
CGX 2.4 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
Serious curl curl and libcurl before 7.57.0 on 32-bit platforms allow attackers to cause a denial of service (out-of-bounds access and application crash) or possibly have unspecified other impact because too little memory is allocated for interfacing to an SSL library. November 29, 2017, 12:11 pm
CVE-2017-8817
5.4 MV Product/Version
affected:
CGX 1.8 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
CGE 7.0 Resolved
CGX 2.4 In progress
Normal curl The FTP wildcard function in curl and libcurl before 7.57.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via a string that ends with an [ character. November 29, 2017, 12:11 pm
CVE-2017-8816
7.5 MV Product/Version
affected:
CGX 2.4 In progress
CGX 2.2 Resolved
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
Serious curl The NTLM authentication feature in curl and libcurl before 7.57.0 on 32-bit platforms allows attackers to cause a denial of service (integer overflow and resultant buffer overflow, and application crash) or possibly have unspecified other impact via vectors involving long user and password fields. November 29, 2017, 12:11 pm
CVE-2017-8806
5.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Normal postgresql The Debian pg_ctlcluster, pg_createcluster, and pg_upgradecluster scripts, as distributed in the Debian postgresql-common package before 181+deb9u1 for PostgreSQL (and other packages related to Debian and Ubuntu), handled symbolic links insecurely, which could result in local denial of service by overwriting arbitrary files. November 13, 2017, 03:11 am
CVE-2017-8804
7.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
Serious glibc The xdr_bytes and xdr_string functions in the GNU C Library (aka glibc or libc6) 2.25 mishandle failures of buffer deserialization, which allows remote attackers to cause a denial of service (virtual memory allocation, or memory consumption if an overcommit setting is not used) via a crafted UDP packet to port 111, a related issue to CVE-2017-8779. May 7, 2017, 13:05 pm
CVE-2017-8797
7.5 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Serious kernel The NFSv4 server in the Linux kernel before 4.11.3 does not properly validate the layout type when processing the NFSv4 pNFS GETDEVICEINFO or LAYOUTGET operand in a UDP packet from a remote attacker. This type value is uninitialized upon encountering certain error conditions. This value is used as an array index for dereferencing, which leads to an OOPS and eventually a DoS of knfsd and a soft-lockup of the whole system. July 2, 2017, 12:07 pm
CVE-2017-8786
9.8 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.2 In progress
CGX 2.0 Resolved
Critical libpcre pcre2test.c in PCRE2 10.23 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression. May 4, 2017, 19:05 pm
CVE-2017-8779
7.5 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Serious rpcbind rpcbind through 0.2.4, LIBTIRPC through 1.0.1 and 1.0.2-rc through 1.0.2-rc3, and NTIRPC through 1.4.3 do not consider the maximum RPC data size during memory allocation for XDR strings, which allows remote attackers to cause a denial of service (memory consumption with no subsequent free) via a crafted UDP packet to port 111, aka rpcbomb. May 4, 2017, 09:05 am
CVE-2017-8421
5.5 MV Product/Version
affected:
MVL6 Toolchain 4.4 Resolved
MVL6 Toolchain 4.3 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
MVL6 Toolchain 4.3 Resolved
Normal binutils The function coff_set_alignment_hook in coffcode.h in Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has a memory leak vulnerability which can cause memory exhaustion in objdump via a crafted PE file. Additional validation in dump_relocs_in_section in objdump.c can resolve this. May 2, 2017, 12:05 pm
CVE-2017-8398
7.5 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 2.2 Resolved
MVL6 Toolchain 4.4 Resolved
MVL6 Toolchain 4.3 Resolved
MVL6 Toolchain 4.3 Resolved
Serious binutils dwarf.c in GNU Binutils 2.28 is vulnerable to an invalid read of size 1 during dumping of debug information from a corrupt binary. This vulnerability causes programs that conduct an analysis of binary programs, such as objdump and readelf, to crash. May 1, 2017, 13:05 pm
CVE-2017-8397
7.5 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 Resolved
MVL6 Toolchain 4.4 Resolved
MVL6 Toolchain 4.3 Resolved
MVL6 Toolchain 4.3 Resolved
CGX 2.2 Resolved
Serious binutils The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 1 and an invalid write of size 1 during processing of a corrupt binary containing reloc(s) with negative addresses. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objdump, to crash. May 1, 2017, 13:05 pm
CVE-2017-8396
7.8 MV Product/Version
affected:
CGE 7.0 Resolved
MVL6 Toolchain 4.3 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
MVL6 Toolchain 4.4 Resolved
MVL6 Toolchain 4.3 Resolved
Serious binutils The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 1 because the existing reloc offset range tests didn't catch small negative offsets less than the size of the reloc field. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objdump, to crash. May 1, 2017, 13:05 pm
CVE-2017-8395
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
MVL6 Toolchain 4.3 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
MVL6 Toolchain 4.4 Resolved
MVL6 Toolchain 4.3 Resolved
Serious binutils The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid write of size 8 because of missing a malloc() return-value check to see if memory had actually been allocated in the _bfd_generic_get_section_contents function. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objcopy, to crash. May 1, 2017, 13:05 pm
CVE-2017-8394
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
MVL6 Toolchain 4.4 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
MVL6 Toolchain 4.3 Resolved
MVL6 Toolchain 4.3 Resolved
Serious binutils The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 4 due to NULL pointer dereferencing of _bfd_elf_large_com_section. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objcopy, to crash. May 1, 2017, 13:05 pm
CVE-2017-8393
7.5 MV Product/Version
affected:
MVL6 Toolchain 4.3 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
MVL6 Toolchain 4.4 Resolved
MVL6 Toolchain 4.3 Resolved
Serious binutils The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to a global buffer over-read error because of an assumption made by code that runs for objcopy and strip, that SHT_REL/SHR_RELA sections are always named starting with a .rel/.rela prefix. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objcopy and strip, to crash. May 1, 2017, 13:05 pm
CVE-2017-8392
7.5 MV Product/Version
affected:
CGX 2.4 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
MVL6 Toolchain 4.4 Resolved
CGX 2.2 In progress
CGE 7.0 Resolved
Serious binutils The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 8 because of missing a check to determine whether symbols are NULL in the _bfd_dwarf2_find_nearest_line function. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objdump, to crash. May 1, 2017, 13:05 pm
CVE-2017-8380
4.4 MV Product/Version
affected:
CGX 2.2 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
qemu Buffer overflow in the megasas_mmio_write function in Qemu 2.9.0 allows remote attackers to have unspecified impact via unknown vectors. August 28, 2017, 10:08 am
CVE-2017-8379
6.5 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
Medium qemu Memory leak in the keyboard input event handlers support in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption) by rapidly generating large keyboard events. May 22, 2017, 23:05 pm
CVE-2017-8365
5.5 MV Product/Version
affected:
CGX 2.4 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Normal libsndfile The i2les_array function in pcm.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted audio file. April 30, 2017, 14:04 pm
CVE-2017-8363
5.5 MV Product/Version
affected:
CGX 2.4 Resolved
CGX 1.8 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Normal libsndfile The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted audio file. April 30, 2017, 14:04 pm
CVE-2017-8362
5.5 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 2.4 Resolved
CGX 2.2 Resolved
CGX 1.8 Resolved
Normal libsndfile The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted audio file. April 30, 2017, 14:04 pm
CVE-2017-8361
5.5 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 Resolved
Medium libsndfile The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted audio file. April 30, 2017, 14:04 pm
CVE-2017-8309
7.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
High qemu Memory leak in the audio/audio.c in QEMU (aka Quick Emulator) allows remote attackers to cause a denial of service (memory consumption) by repeatedly starting and stopping audio capture. May 22, 2017, 23:05 pm
CVE-2017-8291
7.8 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 Resolved
High ghostscript Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass and remote command execution via .rsdparams type confusion with a "/OutputFile (%pipe%" substring in a crafted .eps document that is an input to the gs program, as exploited in the wild in April 2017. April 26, 2017, 20:04 pm
CVE-2017-8284
7.0 MV Product/Version
affected:
CGX 2.4 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Serious qemu ** DISPUTED ** The disas_insn function in target/i386/translate.c in QEMU before 2.9.0, when TCG mode without hardware acceleration is used, does not limit the instruction size, which allows local users to gain privileges by creating a modified basic block that injects code into a setuid program, as demonstrated by procmail. NOTE: the vendor has stated this bug does not violate any security guarantees QEMU makes. April 26, 2017, 09:04 am
CVE-2017-8283
9.8 MV Product/Version
affected:
CGX 2.0 Resolved
Critical dpdk dpkg-source in dpkg 1.3.0 through 1.18.23 is able to use a non-GNU patch program and does not offer a protection mechanism for blank-indented diff hunks, which allows remote attackers to conduct directory traversal attacks via a crafted Debian source package, as demonstrated by use of dpkg-source on NetBSD. April 26, 2017, 00:04 am
CVE-2017-8246
7.8 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
Serious kernel In function msm_pcm_playback_close() in all Android releases from CAF using the Linux kernel, prtd is assigned substream->runtime->private_data. Later, prtd is freed. However, prtd is not sanitized and set to NULL, resulting in a dangling pointer. There are other functions that access the same memory (substream->runtime->private_data) with a NULL check, such as msm_pcm_volume_ctl_put(), which means this freed memory could be used. May 12, 2017, 15:05 pm
CVE-2017-8245
7.8 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Serious kernel In all Android releases from CAF using the Linux kernel, while processing a voice SVC request which is nonstandard by specifying a payload size that will overflow its own declared size, an out of bounds memory copy occurs. May 12, 2017, 15:05 pm
CVE-2017-8244
7.0 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Serious kernel In core_info_read and inst_info_read in all Android releases from CAF using the Linux kernel, variable dbg_buf, dbg_buf->curr and dbg_buf->filled_size could be modified by different threads at the same time, but they are not protected with mutex or locks. Buffer overflow is possible on race conditions. buffer->curr itself could also be overwritten, which means that it may point to anywhere of kernel memory (for write). May 12, 2017, 15:05 pm
CVE-2017-8112
3.0 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
qemu hw/scsi/vmw_pvscsi.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (infinite loop and CPU consumption) via the message ring page count. May 2, 2017, 09:05 am
CVE-2017-8106
5.5 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
Normal kernel The handle_invept function in arch/x86/kvm/vmx.c in the Linux kernel 3.12 through 3.15 allows privileged KVM guest OS users to cause a denial of service (NULL pointer dereference and host OS crash) via a single-context INVEPT instruction with a NULL EPT pointer. April 24, 2017, 18:04 pm
CVE-2017-8105
9.8 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.4 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
Critical freetype FreeType 2 before 2017-03-24 has an out-of-bounds write caused by a heap-based buffer overflow related to the t1_decoder_parse_charstrings function in psaux/t1decode.c. April 24, 2017, 13:04 pm
CVE-2017-8086
3.0 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
qemu Memory leak in the v9fs_list_xattr function in hw/9pfs/9p-xattr.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (memory consumption) via vectors involving the orig_value variable. May 2, 2017, 09:05 am
CVE-2017-8072
7.8 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Serious kernel The cp2112_gpio_direction_input function in drivers/hid/hid-cp2112.c in the Linux kernel 4.9.x before 4.9.9 does not have the expected EIO error status for a zero-length report, which allows local users to have an unspecified impact via unknown vectors. April 23, 2017, 00:04 am
CVE-2017-8071
5.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Normal kernel drivers/hid/hid-cp2112.c in the Linux kernel 4.9.x before 4.9.9 uses a spinlock without considering that sleeping is possible in a USB HID request callback, which allows local users to cause a denial of service (deadlock) via unspecified vectors. April 23, 2017, 00:04 am
CVE-2017-8070
7.8 MV Product/Version
affected:
CGX 1.8 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Serious kernel drivers/net/usb/catc.c in the Linux kernel 4.9.x before 4.9.11 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than one virtual page for a DMA scatterlist. April 23, 2017, 00:04 am
CVE-2017-8069
7.8 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
Serious kernel drivers/net/usb/rtl8150.c in the Linux kernel 4.9.x before 4.9.11 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than one virtual page for a DMA scatterlist. April 23, 2017, 00:04 am
CVE-2017-8068
7.8 MV Product/Version
affected:
CGX 1.8 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Serious kernel drivers/net/usb/pegasus.c in the Linux kernel 4.9.x before 4.9.11 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than one virtual page for a DMA scatterlist. April 23, 2017, 00:04 am
CVE-2017-8067
7.8 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Serious kernel drivers/char/virtio_console.c in the Linux kernel 4.9.x and 4.10.x before 4.10.12 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than one virtual page for a DMA scatterlist. April 23, 2017, 00:04 am
CVE-2017-8066
7.8 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Serious kernel drivers/net/can/usb/gs_usb.c in the Linux kernel 4.9.x and 4.10.x before 4.10.2 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than one virtual page for a DMA scatterlist. April 23, 2017, 00:04 am
CVE-2017-8065
7.8 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Serious kernel crypto/ccm.c in the Linux kernel 4.9.x and 4.10.x through 4.10.12 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than one virtual page for a DMA scatterlist. April 23, 2017, 00:04 am
CVE-2017-8064
7.8 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
Serious kernel drivers/media/usb/dvb-usb-v2/dvb_usb_core.c in the Linux kernel 4.9.x and 4.10.x before 4.10.12 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than one virtual page for a DMA scatterlist. April 23, 2017, 00:04 am
CVE-2017-8063
7.8 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Serious kernel drivers/media/usb/dvb-usb/cxusb.c in the Linux kernel 4.9.x and 4.10.x before 4.10.12 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash) or possibly have unspecified other impact by leveraging use of more than one virtual page for a DMA scatterlist. April 23, 2017, 00:04 am
CVE-2017-8062
7.8 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Serious kernel drivers/media/usb/dvb-usb/dw2102.c in the Linux kernel 4.9.x and 4.10.x before 4.10.4 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than one virtual page for a DMA scatterlist. April 23, 2017, 00:04 am
CVE-2017-8061
7.8 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Serious kernel drivers/media/usb/dvb-usb/dvb-usb-firmware.c in the Linux kernel 4.9.x and 4.10.x before 4.10.7 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than one virtual page for a DMA scatterlist. April 23, 2017, 00:04 am
CVE-2017-7980
5.5 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
qemu Heap-based buffer overflow in Cirrus CLGD 54xx VGA Emulator in Quick Emulator (Qemu) 2.8 and earlier allows local guest OS users to execute arbitrary code or cause a denial of service (crash) via vectors related to a VNC client updating its display after a VGA operation. July 25, 2017, 09:07 am
CVE-2017-7979
7.8 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
High kernel The cookie feature in the packet action API implementation in net/sched/act_api.c in the Linux kernel 4.11.x through 4.11-rc7 mishandles the tb nlattr array, which allows local users to cause a denial of service (uninitialized memory access and refcount underflow, and system hang or crash) or possibly have unspecified other impact via tc filter add commands in certain contexts. NOTE: this does not affect stable kernels, such as 4.10.x, from kernel.org. April 19, 2017, 18:04 pm
CVE-2017-7963
7.5 MV Product/Version
affected:
CGE 7.0 In progress
Serious php ** DISPUTED ** The GNU Multiple Precision Arithmetic Library (GMP) interfaces for PHP through 7.1.4 allow attackers to cause a denial of service (memory consumption and application crash) via operations on long strings. NOTE: the vendor disputes this, stating "There is no security issue here, because GMP safely aborts in case of an OOM condition. The only attack vector here is denial of service. However, if you allow attacker-controlled, unbounded allocations you have a DoS vector regardless of GMP's OOM behavior." April 19, 2017, 10:04 am
CVE-2017-7961
7.8 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 1.8 Resolved
Serious libcroco ** DISPUTED ** The cr_tknzr_parse_rgb function in cr-tknzr.c in libcroco 0.6.11 and 0.6.12 has an "outside the range of representable values of type long" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted CSS file. NOTE: third-party analysis reports "This is not a security issue in my view. The conversion surely is truncating the double into a long value, but there is no impact as the value is one of the RGB components." April 19, 2017, 10:04 am
CVE-2017-7960
5.5 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
Medium libcroco The cr_input_new_from_uri function in cr-input.c in libcroco 0.6.11 and 0.6.12 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted CSS file. April 19, 2017, 10:04 am
CVE-2017-7948
7.8 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 In progress
CGX 2.0 Resolved
Serious ghostscript Integer overflow in the mark_curve function in Artifex Ghostscript 9.21 allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via a crafted PostScript document. April 19, 2017, 09:04 am
CVE-2017-7895
7.7 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGX 2.2 Resolved
CGE 7.0 Resolved
kernel The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lack certain checks for the end of a buffer, which allows remote attackers to trigger pointer-arithmetic errors or possibly have unspecified other impact via crafted requests, related to fs/nfsd/nfs3xdr.c and fs/nfsd/nfsxdr.c. April 28, 2017, 05:04 am
CVE-2017-7890
6.5 MV Product/Version
affected:
Normal php The GIF decoding function gdImageCreateFromGifCtx in gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.31 and 7.x before 7.1.7, does not zero colorMap arrays before use. A specially crafted GIF image could use the uninitialized tables to read ~700 bytes from the top of the stack, potentially disclosing sensitive information. August 2, 2017, 14:08 pm
CVE-2017-7889
7.8 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Serious kernel The mm subsystem in the Linux kernel through 4.10.10 does not properly enforce the CONFIG_STRICT_DEVMEM protection mechanism, which allows local users to read or write to kernel memory locations in the first megabyte (and bypass slab-allocation access restrictions) via an application that opens the /dev/mem file, related to arch/x86/mm/init.c and drivers/char/mem.c. April 16, 2017, 19:04 pm
CVE-2017-7869
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 2.4 Resolved
CGX 2.2 Resolved
CGX 1.8 Resolved
Serious gnutls GnuTLS before 2017-02-20 has an out-of-bounds write caused by an integer overflow and heap-based buffer overflow related to the cdk_pkt_read function in opencdk/read-packet.c. This issue (which is a subset of the vendor's GNUTLS-SA-2017-3 report) is fixed in 3.5.10. April 13, 2017, 23:04 pm
CVE-2017-7748
7.5 MV Product/Version
affected:
CGX 2.2 In progress
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Serious wireshark In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the WSP dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-wsp.c by adding a length check. April 12, 2017, 18:04 pm
CVE-2017-7747
7.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Serious wireshark In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the PacketBB dissector could crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-packetbb.c by restricting additions to the protocol tree. April 12, 2017, 18:04 pm
CVE-2017-7746
7.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Serious wireshark In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the SLSK dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-slsk.c by adding checks for the remaining length. April 12, 2017, 18:04 pm
CVE-2017-7745
7.5 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Serious wireshark In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the SIGCOMP dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-sigcomp.c by correcting a memory-size check. April 12, 2017, 18:04 pm
CVE-2017-7742
5.5 MV Product/Version
affected:
CGX 1.8 Resolved
CGX 2.4 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
CGE 7.0 Resolved
Normal libsndfile In libsndfile before 1.0.28, an error in the flac_buffer_copy() function (flac.c) can be exploited to cause a segmentation violation (with read memory access) via a specially crafted FLAC file during a resample attempt, a similar issue to CVE-2017-7585. April 12, 2017, 13:04 pm
CVE-2017-7741
4.7 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
libsndfile In libsndfile before 1.0.28, an error in the flac_buffer_copy() function (flac.c) can be exploited to cause a segmentation violation (with write memory access) via a specially crafted FLAC file during a resample attempt, a similar issue to CVE-2017-7585. April 12, 2017, 13:04 pm
CVE-2017-7718
5.5 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGE 7.0 Resolved
Medium qemu hw/display/cirrus_vga_rop.h in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors related to copying VGA data via the cirrus_bitblt_rop_fwd_transp_ and cirrus_bitblt_rop_fwd_ functions. April 20, 2017, 12:04 pm
CVE-2017-7705
7.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Serious wireshark In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the RPC over RDMA dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-rpcrdma.c by correctly checking for going beyond the maximum offset. April 12, 2017, 18:04 pm
CVE-2017-7704
7.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Serious wireshark In Wireshark 2.2.0 to 2.2.5, the DOF dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-dof.c by using a different integer data type and adjusting a return value. April 12, 2017, 18:04 pm
CVE-2017-7703
7.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Serious wireshark In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the IMAP dissector could crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-imap.c by calculating a line's end correctly. April 12, 2017, 18:04 pm
CVE-2017-7702
7.5 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Serious wireshark In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the WBXML dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-wbxml.c by adding length validation. April 12, 2017, 18:04 pm
CVE-2017-7701
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
Serious wireshark In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the BGP dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-bgp.c by using a different integer data type. April 12, 2017, 18:04 pm
CVE-2017-7700
6.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Normal wireshark In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the NetScaler file parser could go into an infinite loop, triggered by a malformed capture file. This was addressed in wiretap/netscaler.c by ensuring a nonzero record size. April 12, 2017, 18:04 pm
CVE-2017-7679
9.8 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Critical apache2 In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_mime can read one byte past the end of a buffer when sending a malicious Content-Type response header. June 19, 2017, 20:06 pm
CVE-2017-7668
9.8 MV Product/Version
affected:
CGX 2.2 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
Critical apache2 The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows ap_find_token() to search past the end of its input string. By maliciously crafting a sequence of request headers, an attacker may be able to cause a segmentation fault, or to force ap_find_token() to return an incorrect value. June 19, 2017, 20:06 pm
CVE-2017-7659
5.9 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Normal apache2 A maliciously constructed HTTP/2 request could cause mod_http2 2.4.24, 2.4.25 to dereference a NULL pointer and crash the server process. July 26, 2017, 16:07 pm
CVE-2017-7645
7.7 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
kernel The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel through 4.10.11 allows remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c. April 18, 2017, 09:04 am
CVE-2017-7618
7.5 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Serious kernel crypto/ahash.c in the Linux kernel through 4.10.9 allows attackers to cause a denial of service (API operation calling its own callback, and infinite recursion) by triggering EBUSY on a full queue. April 10, 2017, 09:04 am
CVE-2017-7616
5.5 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
Normal kernel Incorrect error handling in the set_mempolicy and mbind compat syscalls in mm/mempolicy.c in the Linux kernel through 4.10.9 allows local users to obtain sensitive information from uninitialized stack data by triggering failure of a certain bitmap operation. April 10, 2017, 09:04 am
CVE-2017-7614
3.3 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.2 Resolved
MVL6 Toolchain 4.3 Resolved
MVL6 Toolchain 4.4 Resolved
CGX 2.0 Resolved
binutils elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has a "member access within null pointer" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an "int main() {return 0;}" program. April 9, 2017, 09:04 am
CVE-2017-7613
5.5 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGE 7.0 Resolved
CGX 1.8 Resolved
Medium elfutils elflint.c in elfutils 0.168 does not validate the number of sections and the number of segments, which allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file. April 9, 2017, 09:04 am
CVE-2017-7612
5.5 MV Product/Version
affected:
CGX 1.8 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Medium elfutils The check_sysv_hash function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file. April 9, 2017, 09:04 am
CVE-2017-7611
5.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Medium elfutils The check_symtab_shndx function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file. April 9, 2017, 09:04 am
CVE-2017-7610
5.5 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
Medium elfutils The check_group function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file. April 9, 2017, 09:04 am
CVE-2017-7609
5.5 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
Medium elfutils elf_compress.c in elfutils 0.168 does not validate the zlib compression factor, which allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file. April 9, 2017, 09:04 am
CVE-2017-7608
5.5 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
Medium elfutils The ebl_object_note_type_name function in eblobjnotetypename.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file. April 9, 2017, 09:04 am
CVE-2017-7607
5.5 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
Medium elfutils The handle_gnu_hash function in readelf.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file. April 9, 2017, 09:04 am
CVE-2017-7602
7.8 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
High tiff LibTIFF 4.0.7 has a signed integer overflow, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. April 9, 2017, 09:04 am
CVE-2017-7601
7.8 MV Product/Version
affected:
CGX 1.8 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
High tiff LibTIFF 4.0.7 has a "shift exponent too large for 64-bit type long" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. April 9, 2017, 09:04 am
CVE-2017-7600
7.8 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGX 2.2 Resolved
High tiff LibTIFF 4.0.7 has an "outside the range of representable values of type unsigned char" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. April 9, 2017, 09:04 am
CVE-2017-7599
7.8 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
High tiff LibTIFF 4.0.7 has an "outside the range of representable values of type short" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. April 9, 2017, 09:04 am
CVE-2017-7598
7.8 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 1.8 Resolved
High tiff tif_dirread.c in LibTIFF 4.0.7 might allow remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted image. April 9, 2017, 09:04 am
CVE-2017-7597
7.8 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
High tiff tif_dirread.c in LibTIFF 4.0.7 has an "outside the range of representable values of type float" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. April 9, 2017, 09:04 am
CVE-2017-7596
7.8 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
High tiff LibTIFF 4.0.7 has an "outside the range of representable values of type float" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. April 9, 2017, 09:04 am
CVE-2017-7595
5.5 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
Medium tiff The JPEGSetupEncode function in tiff_jpeg.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted image. April 9, 2017, 09:04 am
CVE-2017-7594
5.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
Medium tiff The OJPEGReadHeaderInfoSecTablesDcTable function in tif_ojpeg.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (memory leak) via a crafted image. April 9, 2017, 09:04 am
CVE-2017-7593
5.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
Medium tiff tif_read.c in LibTIFF 4.0.7 does not ensure that tif_rawdata is properly initialized, which might allow remote attackers to obtain sensitive information from process memory via a crafted image. April 9, 2017, 09:04 am
CVE-2017-7592
7.8 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
High tiff The putagreytile function in tif_getimage.c in LibTIFF 4.0.7 has a left-shift undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. April 9, 2017, 09:04 am
CVE-2017-7586
5.5 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 2.4 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Normal libsndfile In libsndfile before 1.0.28, an error in the header_read() function (common.c) when handling ID3 tags can be exploited to cause a stack-based buffer overflow via a specially crafted FLAC file. April 7, 2017, 15:04 pm
CVE-2017-7585
5.5 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 2.4 Resolved
CGX 2.2 Resolved
CGX 1.8 Resolved
Normal libsndfile In libsndfile before 1.0.28, an error in the flac_buffer_copy() function (flac.c) can be exploited to cause a stack-based buffer overflow via a specially crafted FLAC file. April 7, 2017, 15:04 pm
CVE-2017-7558
5.1 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 In progress
CGX 2.0 In progress
CGX 2.0 In progress
Normal kernel ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. June 21, 2018, 18:06 pm
CVE-2017-7555
9.8 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
Critical augeas Augeas versions up to and including 1.8.0 are vulnerable to heap-based buffer overflow due to improper handling of escaped strings. Attacker could send crafted strings that would cause the application using augeas to copy past the end of a buffer, leading to a crash or possible code execution. August 17, 2017, 14:08 pm
CVE-2017-7548
5.4 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 Resolved
Normal postgresql PostgreSQL versions before 9.4.13, 9.5.8 and 9.6.4 are vulnerable to authorization flaw allowing remote authenticated attackers with no privileges on a large object to overwrite the entire contents of the object, resulting in a denial of service. August 16, 2017, 13:08 pm
CVE-2017-7547
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
Serious postgresql PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to authorization flaw allowing remote authenticated attackers to retrieve passwords from the user mappings defined by the foreign server owners without actually having the privileges to do so. August 16, 2017, 13:08 pm
CVE-2017-7546
5.6 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
Normal postgresql PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to incorrect authentication flaw allowing remote attackers to gain access to database accounts with an empty password. August 16, 2017, 13:08 pm
CVE-2017-7544
9.1 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.4 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Critical libexif libexif through 0.6.21 is vulnerable to out-of-bounds heap read vulnerability in exif_data_save_data_entry function in libexif/exif-data.c caused by improper length computation of the allocated data of an ExifMnote entry which can cause denial-of-service or possibly information disclosure. September 21, 2017, 16:09 pm
CVE-2017-7542
5.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 In progress
Normal kernel The ip6_find_1stfragopt function in net/ipv6/output_core.c in the Linux kernel through 4.12.3 allows local users to cause a denial of service (integer overflow and infinite loop) by leveraging the ability to open a raw socket. July 21, 2017, 11:07 am
CVE-2017-7541
6.8 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
Normal kernel The brcmf_cfg80211_mgmt_tx function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux kernel before 4.12.3 allows local users to cause a denial of service (buffer overflow and system crash) or possibly gain privileges via a crafted NL80211_CMD_FRAME Netlink packet. July 24, 2017, 23:07 pm
CVE-2017-7539
5.3 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
Normal qemu ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. July 25, 2017, 21:07 pm
CVE-2017-7533
7.8 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
CGE 7.0 Resolved
Serious kernel Race condition in the fsnotify implementation in the Linux kernel through 4.12.4 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that leverages simultaneous execution of the inotify_handle_event and vfs_rename functions. August 5, 2017, 11:08 am
CVE-2017-7529
7.5 MV Product/Version
affected:
CGX 2.4 Resolved
CGX 2.2 Resolved
CGE 7.0 Resolved
Serious nginx Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resulting into leak of potentially sensitive information triggered by specially crafted request. July 13, 2017, 08:07 am
CVE-2017-7526
6.1 MV Product/Version
affected:
CGX 2.2 Resolved
CGE 7.0 In progress
CGX 2.0 In progress
CGX 1.8 Resolved
libgcrypt ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. July 2, 2018, 19:07 pm
CVE-2017-7522
6.5 MV Product/Version
affected:
Normal openvpn OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service by authenticated remote attacker via sending a certificate with an embedded NULL character. June 27, 2017, 08:06 am
CVE-2017-7521
5.9 MV Product/Version
affected:
Normal openvpn OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service due to memory exhaustion caused by memory leaks and double-free issue in extract_x509_extension(). June 27, 2017, 08:06 am
CVE-2017-7520
7.4 MV Product/Version
affected:
Serious openvpn OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service and/or possibly sensitive memory leak triggered by man-in-the-middle attacker. June 27, 2017, 08:06 am
CVE-2017-7518
5.5 MV Product/Version
affected:
kernel ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. July 9, 2017, 01:07 am
CVE-2017-7508
7.5 MV Product/Version
affected:
Serious openvpn OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service when receiving malformed IPv6 packet. June 27, 2017, 08:06 am
CVE-2017-7507
7.5 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.4 Resolved
CGX 2.2 In progress
CGX 1.8 Resolved
CGE 7.0 Resolved
Serious gnutls GnuTLS version 3.5.12 and earlier is vulnerable to a NULL pointer dereference while decoding a status response TLS extension with valid contents. This could lead to a crash of the GnuTLS server application. June 16, 2017, 14:06 pm
CVE-2017-7501
7.8 MV Product/Version
affected:
CGX 2.4 Resolved
CGX 2.2 Resolved
CGE 7.0 Resolved
CGX 2.0 In progress
CGE 7.0 Resolved
Serious rpm It was found that versions of rpm before 4.13.0.2 use temporary files with predictable names when installing an RPM. An attacker with ability to write in a directory where files will be installed could create symbolic links to an arbitrary location and modify content, and possibly permissions to arbitrary files, which could be used for denial of service or possibly privilege escalation. November 22, 2017, 16:11 pm
CVE-2017-7495
5.5 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
Normal kernel fs/ext4/inode.c in the Linux kernel before 4.6.2, when ext4 data=ordered mode is used, mishandles a needs-flushing-before-commit list, which allows local users to obtain sensitive information from other users' files in opportunistic circumstances by waiting for a hardware reset, creating a new file, making write system calls, and reading this file. May 15, 2017, 13:05 pm
CVE-2017-7494
9.8 MV Product/Version
affected:
CGX 2.2 Resolved
CGE 7.0 Resolved
Critical samba Samba since version 3.5.0 and before 4.6.4, 4.5.10 and 4.4.14 is vulnerable to remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it. May 30, 2017, 13:05 pm
CVE-2017-7493
7.1 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 1.8 Resolved
qemu Quick Emulator (Qemu) built with the VirtFS, host directory sharing via Plan 9 File System (9pfs) support, is vulnerable to an improper access control issue. It could occur while accessing virtfs metadata files in mapped-file security mode. A guest user could use this flaw to escalate their privileges inside the guest. May 17, 2017, 10:05 am
CVE-2017-7488
4.3 MV Product/Version
affected:
Normal authconfig Authconfig version 6.2.8 is vulnerable to an Information exposure while using SSSD to authenticate against remote server resulting in the leak of information about existing usernames. May 16, 2017, 13:05 pm
CVE-2017-7487
7.8 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 1.8 Resolved
Serious kernel The ipxitf_ioctl function in net/ipx/af_ipx.c in the Linux kernel through 4.11.1 mishandles reference counts, which allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a failed SIOCGIFADDR ioctl call for an IPX interface. May 14, 2017, 17:05 pm
CVE-2017-7486
7.5 MV Product/Version
affected:
Serious postgresql PostgreSQL versions 8.4 - 9.6 are vulnerable to information leak in pg_user_mappings view which discloses foreign server passwords to any user having USAGE privilege on the associated foreign server. May 12, 2017, 14:05 pm
CVE-2017-7485
5.9 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 In progress
CGX 2.2 Resolved
Normal postgresql In PostgreSQL 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3, it was found that the PGREQUIRESSL environment variable was no longer enforcing a SSL/TLS connection to a PostgreSQL server. An active Man-in-the-Middle attacker could use this flaw to strip the SSL/TLS protection from a connection between a client and a server. May 12, 2017, 14:05 pm
CVE-2017-7484
7.5 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGE 7.0 In progress
Serious postgresql It was found that some selectivity estimation functions in PostgreSQL before 9.2.21, 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3 did not check user privileges before providing information from pg_statistic, possibly leaking information. An unprivileged attacker could use this flaw to steal some information from tables they are otherwise not allowed to access. May 12, 2017, 14:05 pm
CVE-2017-7483
7.5 MV Product/Version
affected:
Serious rxtx Rxvt 2.7.10 is vulnerable to a denial of service attack by passing the value -2^31 inside a terminal escape code, which results in a non-invertible integer that eventually leads to a segfault due to an out of bounds read. May 2, 2017, 09:05 am
CVE-2017-7482
7.1 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 2.2 Resolved
MVL6 Kernel 2.6.32 Resolved
MVL6 Toolchain 4.3 Resolved
CGX 1.8 Resolved
Serious kernel ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. June 21, 2018, 00:06 am
CVE-2017-7479
6.5 MV Product/Version
affected:
Normal openvpn OpenVPN versions before 2.3.15 and before 2.4.2 are vulnerable to a reachable assertion when the packet-ID counter rolls over, resulting in Denial of Service of the server by an authenticated attacker. May 15, 2017, 13:05 pm
CVE-2017-7478
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
Serious openvpn OpenVPN version 2.3.12 and newer is vulnerable to unauthenticated Denial of Service of server via received large control packet. Note that this issue is fixed in 2.3.15 and 2.4.2. May 15, 2017, 13:05 pm
CVE-2017-7477
8.1 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
kernel Heap-based buffer overflow in drivers/net/macsec.c in the MACsec module in the Linux kernel through 4.10.12 allows attackers to cause a denial of service or possibly have unspecified other impact by leveraging the use of a MAX_SKB_FRAGS+1 size in conjunction with the NETIF_F_FRAGLIST feature, leading to an error in the skb_to_sgvec function. April 25, 2017, 09:04 am
CVE-2017-7476
9.8 MV Product/Version
affected:
Critical gnulib Gnulib before 2017-04-26 has a heap-based buffer overflow with the TZ environment variable. The error is in the save_abbr function in time_rz.c. May 2, 2017, 12:05 pm
CVE-2017-7475
3.3 MV Product/Version
affected:
CGE 7.0 In progress
CGX 2.2 Resolved
CGX 1.8 Resolved
CGX 2.0 In progress
cairo Cairo version 1.15.4 is vulnerable to a NULL pointer dereference related to the FT_Load_Glyph and FT_Render_Glyph resulting in an application crash. May 19, 2017, 15:05 pm
CVE-2017-7472
5.5 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.2 Resolved
Normal kernel The KEYS subsystem in the Linux kernel before 4.10.13 allows local users to cause a denial of service (memory consumption) via a series of KEY_REQKEY_DEFL_THREAD_KEYRING keyctl_set_reqkey_keyring calls. May 11, 2017, 14:05 pm
CVE-2017-7471
7.6 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
qemu ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. May 10, 2017, 02:05 am
CVE-2017-7468
4.8 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
curl ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. April 20, 2017, 18:04 pm
CVE-2017-7467
7.0 MV Product/Version
affected:
Serious minicom A buffer overflow flaw was found in the way minicom before version 2.7.1 handled VT100 escape sequences. A malicious terminal device could potentially use this flaw to crash minicom, or execute arbitrary code in the context of the minicom process. July 11, 2018, 08:07 am
CVE-2017-7418
5.5 MV Product/Version
affected:
CGX 1.8 Resolved
CGX 2.2 In progress
CGX 2.0 In progress
CGE 7.0 Resolved
Normal proftpd ProFTPD before 1.3.5e and 1.3.6 before 1.3.6rc5 controls whether the home directory of a user could contain a symbolic link through the AllowChrootSymlinks configuration option, but checks only the last path component when enforcing AllowChrootSymlinks. Attackers with local access could bypass the AllowChrootSymlinks control by replacing a path component (other than the last one) with a symbolic link. The threat model includes an attacker who is not granted full filesystem access by a hosting provider, but can reconfigure the home directory of an FTP user. April 4, 2017, 12:04 pm
CVE-2017-7407
2.4 MV Product/Version
affected:
CGX 1.8 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Low curl The ourWriteOut function in tool_writeout.c in curl 7.53.1 might allow physically proximate attackers to obtain sensitive information from process memory in opportunistic circumstances by reading a workstation screen during use of a --write-out argument ending in a % character, which leads to a heap-based buffer over-read. April 3, 2017, 15:04 pm
CVE-2017-7377
6.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
qemu The (1) v9fs_create and (2) v9fs_lcreate functions in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allow local guest OS privileged users to cause a denial of service (file descriptor or memory consumption) via vectors related to an already in-use fid. April 10, 2017, 10:04 am
CVE-2017-7376
9.8 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.4 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
Critical libxml2 Buffer overflow in libxml2 allows remote attackers to execute arbitrary code by leveraging an incorrect limit for port values when handling redirects. February 19, 2018, 13:02 pm
CVE-2017-7375
9.8 MV Product/Version
affected:
CGX 2.2 Resolved
CGE 7.0 Resolved
CGX 2.4 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
Critical libxml2 A flaw in libxml2 allows remote XML entity inclusion with default parser flags (i.e., when the caller did not request entity substitution, DTD validation, external DTD subset loading, or default DTD attributes). Depending on the context, this may expose a higher-risk attack surface in libxml2 not usually reachable with default parser flags, and expose content from local files, HTTP, or FTP servers (which might be otherwise unreachable). February 19, 2018, 13:02 pm
CVE-2017-7374
7.8 MV Product/Version
affected:
CGX 1.8 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
Serious kernel Use-after-free vulnerability in fs/crypto/ in the Linux kernel before 4.10.7 allows local users to cause a denial of service (NULL pointer dereference) or possibly gain privileges by revoking keyring keys being used for ext4, f2fs, or ubifs encryption, causing cryptographic transform objects to be freed prematurely. March 31, 2017, 15:03 pm
CVE-2017-7346
5.5 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 Resolved
Medium kernel The vmw_gb_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.10.7 does not validate certain levels data, which allows local users to cause a denial of service (system hang) via a crafted ioctl call for a /dev/dri/renderD* device. March 30, 2017, 18:03 pm
CVE-2017-7308
7.8 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
High kernel The packet_set_ring function in net/packet/af_packet.c in the Linux kernel through 4.10.6 does not properly validate certain block-size data, which allows local users to cause a denial of service (integer signedness error and out-of-bounds write), or gain privileges (if the CAP_NET_RAW capability is held), via crafted system calls. March 29, 2017, 15:03 pm
CVE-2017-7304
7.5 MV Product/Version
affected:
CGX 2.2 Resolved
MVL6 Toolchain 4.4 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
MVL6 Toolchain 4.3 Resolved
MVL6 Toolchain 4.3 Resolved
Serious binutils The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read (of size 8) because of missing a check (in the copy_special_section_fields function) for an invalid sh_link field before attempting to follow it. This vulnerability causes Binutils utilities like strip to crash. March 29, 2017, 10:03 am
CVE-2017-7303
7.5 MV Product/Version
affected:
MVL6 Toolchain 4.3 Resolved
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
MVL6 Toolchain 4.4 Resolved
MVL6 Toolchain 4.3 Resolved
Serious binutils The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read (of size 4) because of missing a check (in the find_link function) for null headers before attempting to match them. This vulnerability causes Binutils utilities like strip to crash. March 29, 2017, 10:03 am
CVE-2017-7302
7.5 MV Product/Version
affected:
MVL6 Toolchain 4.4 Resolved
MVL6 Toolchain 4.3 Resolved
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
MVL6 Toolchain 4.3 Resolved
Serious binutils The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has a swap_std_reloc_out function in bfd/aoutx.h that is vulnerable to an invalid read (of size 4) because of missing checks for relocs that could not be recognised. This vulnerability causes Binutils utilities like strip to crash. March 29, 2017, 10:03 am
CVE-2017-7301
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
MVL6 Toolchain 4.4 Resolved
CGX 2.0 Resolved
MVL6 Toolchain 4.3 Resolved
MVL6 Toolchain 4.3 Resolved
CGX 2.2 Resolved
Serious binutils The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has an aout_link_add_symbols function in bfd/aoutx.h that has an off-by-one vulnerability because it does not carefully check the string offset. The vulnerability could lead to a GNU linker (ld) program crash. March 29, 2017, 10:03 am
CVE-2017-7300
7.5 MV Product/Version
affected:
MVL6 Toolchain 4.3 Resolved
CGE 7.0 Resolved
MVL6 Toolchain 4.3 Resolved
MVL6 Toolchain 4.4 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
Serious binutils The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has an aout_link_add_symbols function in bfd/aoutx.h that is vulnerable to a heap-based buffer over-read (off-by-one) because of an incomplete check for invalid string offsets while loading symbols, leading to a GNU linker (ld) program crash. March 29, 2017, 10:03 am
CVE-2017-7299
5.5 MV Product/Version
affected:
MVL6 Toolchain 4.3 Resolved
MVL6 Toolchain 4.3 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
MVL6 Toolchain 4.4 Resolved
Normal binutils The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has an invalid read (of size 8) because the code to emit relocs (bfd_elf_final_link function in bfd/elflink.c) does not check the format of the input file before trying to read the ELF reloc section header. The vulnerability leads to a GNU linker (ld) program crash. March 29, 2017, 10:03 am
CVE-2017-7297
8.8 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
Serious docker Rancher Labs rancher server 1.2.0+ is vulnerable to authenticated users disabling access control via an API call. This is fixed in versions rancher/server:v1.2.4, rancher/server:v1.3.5, rancher/server:v1.4.3, and rancher/server:v1.5.3. March 28, 2017, 19:03 pm
CVE-2017-7294
7.8 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 In progress
CGX 2.0 Resolved
CGX 2.0 Resolved
Serious kernel The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.10.6 does not validate addition of certain levels data, which allows local users to trigger an integer overflow and out-of-bounds write, and cause a denial of service (system hang or crash) or possibly gain privileges, via a crafted ioctl call for a /dev/dri/renderD* device. March 28, 2017, 21:03 pm
CVE-2017-7277
7.1 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
Serious kernel The TCP stack in the Linux kernel through 4.10.6 mishandles the SCM_TIMESTAMPING_OPT_STATS feature, which allows local users to obtain sensitive information from the kernel's internal socket data structures or cause a denial of service (out-of-bounds read) via crafted system calls, related to net/core/skbuff.c and net/socket.c. March 28, 2017, 01:03 am
CVE-2017-7273
6.6 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Normal kernel The cp_report_fixup function in drivers/hid/hid-cypress.c in the Linux kernel 4.x before 4.9.4 allows physically proximate attackers to cause a denial of service (integer underflow) or possibly have unspecified other impact via a crafted HID report. March 27, 2017, 12:03 pm
CVE-2017-7272
7.4 MV Product/Version
affected:
Serious php PHP through 7.1.3 enables potential SSRF in applications that accept an fsockopen hostname argument with an expectation that the port number is constrained. Because a :port syntax is recognized, fsockopen will use the port number that is specified in the hostname argument, instead of the port number in the second argument of the function. March 27, 2017, 12:03 pm
CVE-2017-7261
5.5 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Medium kernel The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.10.5 does not check for a zero value of certain levels data, which allows local users to cause a denial of service (ZERO_SIZE_PTR dereference, and GPF and possibly panic) via a crafted ioctl call for a /dev/dri/renderD* device. March 24, 2017, 16:03 pm
CVE-2017-7246
7.8 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGX 2.2 Resolved
CGE 7.0 Resolved
High libpcre Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 268) or possibly have unspecified other impact via a crafted file. March 23, 2017, 16:03 pm
CVE-2017-7245
7.8 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
High libpcre Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 4) or possibly have unspecified other impact via a crafted file. March 23, 2017, 16:03 pm
CVE-2017-7244
5.5 MV Product/Version
affected:
CGE 7.0 In progress
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
Medium libpcre The _pcre32_xclass function in pcre_xclass.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (invalid memory read) via a crafted file. March 23, 2017, 16:03 pm
CVE-2017-7227
7.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
MVL6 Toolchain 4.4 Resolved
MVL6 Toolchain 4.3 Resolved
MVL6 Toolchain 4.3 Resolved
Serious binutils GNU linker (ld) in GNU Binutils 2.28 is vulnerable to a heap-based buffer overflow while processing a bogus input script, leading to a program crash. This relates to lack of termination of a name field in ldlex.l. March 22, 2017, 11:03 am
CVE-2017-7226
9.1 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
MVL6 Toolchain 4.4 Resolved
MVL6 Toolchain 4.3 In progress
MVL6 Toolchain 4.3 Resolved
CGE 7.0 Resolved
Critical binutils The pe_ILF_object_p function in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to a heap-based buffer over-read of size 4049 because it uses the strlen function instead of strnlen, leading to program crashes in several utilities such as addr2line, size, and strings. It could lead to information disclosure as well. March 22, 2017, 11:03 am
CVE-2017-7225
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
MVL6 Toolchain 4.4 Resolved
MVL6 Toolchain 4.3 Resolved
MVL6 Toolchain 4.3 Resolved
Serious binutils The find_nearest_line function in addr2line in GNU Binutils 2.28 does not handle the case where the main file name and the directory name are both empty, triggering a NULL pointer dereference and an invalid write, and leading to a program crash. March 22, 2017, 11:03 am
CVE-2017-7224
5.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
MVL6 Toolchain 4.4 Resolved
MVL6 Toolchain 4.3 Resolved
MVL6 Toolchain 4.3 Resolved
Normal binutils The find_nearest_line function in objdump in GNU Binutils 2.28 is vulnerable to an invalid write (of size 1) while disassembling a corrupt binary that contains an empty function name, leading to a program crash. March 22, 2017, 11:03 am
CVE-2017-7223
7.5 MV Product/Version
affected:
MVL6 Toolchain 4.3 Resolved
MVL6 Toolchain 4.3 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
MVL6 Toolchain 4.4 Resolved
CGE 7.0 Resolved
Serious binutils GNU assembler in GNU Binutils 2.28 is vulnerable to a global buffer overflow (of size 1) while attempting to unget an EOF character from the input stream, potentially leading to a program crash. March 22, 2017, 11:03 am
CVE-2017-7210
5.5 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
MVL6 Toolchain 4.4 Resolved
MVL6 Toolchain 4.3 Resolved
Medium binutils objdump in GNU Binutils 2.28 is vulnerable to multiple heap-based buffer over-reads (of size 1 and size 8) while handling corrupt STABS enum type strings in a crafted object file, leading to program crash. March 21, 2017, 01:03 am
CVE-2017-7209
5.5 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
MVL6 Toolchain 4.4 Resolved
MVL6 Toolchain 4.3 Resolved
Medium binutils The dump_section_as_bytes function in readelf in GNU Binutils 2.28 accesses a NULL pointer while reading section contents in a corrupt binary, leading to a program crash. March 21, 2017, 01:03 am
CVE-2017-7207
5.5 MV Product/Version
affected:
CGE 7.0 Resolved
Medium ghostscript The mem_get_bits_rectangle function in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted PostScript document. March 21, 2017, 01:03 am
CVE-2017-7187
7.8 MV Product/Version
affected:
CGX 2.2 Resolved
CGE 7.0 Resolved
CGX 2.0 In progress
CGX 2.0 In progress
MVL6 Kernel 2.6.32 Resolved
Serious kernel The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel through 4.10.4 allows local users to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a large command size in an SG_NEXT_CMD_LEN ioctl call, leading to out-of-bounds write access in the sg_write function. March 20, 2017, 09:03 am
CVE-2017-7186
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGX 2.2 Resolved
High libpcre libpcre1 in PCRE 8.40 and libpcre2 in PCRE2 10.23 allow remote attackers to cause a denial of service (segmentation violation for read access, and application crash) by triggering an invalid Unicode property lookup. March 19, 2017, 19:03 pm
CVE-2017-7184
7.8 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 1.8 Resolved
High kernel The xfrm_replay_verify_len function in net/xfrm/xfrm_user.c in the Linux kernel through 4.10.6 does not validate certain size data after an XFRM_MSG_NEWAE update, which allows local users to obtain root privileges or cause a denial of service (heap-based out-of-bounds access) by leveraging the CAP_NET_ADMIN capability, as demonstrated during a Pwn2Own competition at CanSecWest 2017 for the Ubuntu 16.10 linux-image-* package 4.8.0.41.52. March 19, 2017, 13:03 pm
CVE-2017-6969
9.1 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
MVL6 Toolchain 4.4 Resolved
MVL6 Toolchain 4.3 In progress
Critical binutils readelf in GNU Binutils 2.28 is vulnerable to a heap-based buffer over-read while processing corrupt RL78 binaries. The vulnerability can trigger program crashes. It may lead to an information leak as well. March 17, 2017, 04:03 am
CVE-2017-6966
5.5 MV Product/Version
affected:
MVL6 Toolchain 4.3 Resolved
CGX 2.0 Resolved
MVL6 Toolchain 4.4 Resolved
Medium binutils readelf in GNU Binutils 2.28 has a use-after-free (specifically read-after-free) error while processing multiple, relocated sections in an MSP430 binary. This is caused by mishandling of an invalid symbol index, and mishandling of state across invocations. March 17, 2017, 04:03 am
CVE-2017-6965
5.5 MV Product/Version
affected:
MVL6 Toolchain 4.4 Resolved
MVL6 Toolchain 4.3 Resolved
CGX 2.0 Resolved
Medium binutils readelf in GNU Binutils 2.28 writes to illegal addresses while processing corrupt input files containing symbol-difference relocations, leading to a heap-based buffer overflow. March 17, 2017, 04:03 am
CVE-2017-6951
5.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Normal kernel The keyring_search_aux function in security/keys/keyring.c in the Linux kernel through 3.14.79 allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a request_key system call for the dead type. March 16, 2017, 13:03 pm
CVE-2017-6892
8.8 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.4 Resolved
CGX 2.2 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Serious libsndfile In libsndfile version 1.0.28, an error in the aiff_read_chanmap() function (aiff.c) can be exploited to cause an out-of-bounds read memory access via a specially crafted AIFF file. June 12, 2017, 11:06 am
CVE-2017-6888
6.5 MV Product/Version
affected:
CGX 2.4 In progress
CGX 2.2 In progress
CGX 2.0 In progress
CGE 7.0 Resolved
Normal flac An error in the read_metadata_vorbiscomment_() function (src/libFLAC/stream_decoder.c) in FLAC version 1.3.2 can be exploited to cause a memory leak via a specially crafted FLAC file. April 25, 2018, 16:04 pm
CVE-2017-6874
7.0 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Serious kernel Race condition in kernel/ucount.c in the Linux kernel through 4.10.2 allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via crafted system calls that leverage certain decrement behavior that causes incorrect interaction between put_ucounts and get_ucounts. March 14, 2017, 04:03 am
CVE-2017-6519
9.1 MV Product/Version
affected:
CGX 2.4 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Critical avahi avahi-daemon in Avahi through 0.6.32 inadvertently responds to IPv6 unicast queries with source addresses that are not on-link, which allows remote attackers to cause a denial of service (traffic amplification) or obtain potentially sensitive information via port-5353 UDP packets. NOTE: this may overlap CVE-2015-2809. April 30, 2017, 20:04 pm
CVE-2017-6508
6.1 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 In progress
CGX 1.8 Resolved
CGX 2.4 Resolved
CGX 2.0 In progress
Normal wget CRLF injection vulnerability in the url_parse function in url.c in Wget through 1.19.1 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in the host subcomponent of a URL. March 7, 2017, 02:03 am
CVE-2017-6505
6.5 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGE 7.0 Resolved
Medium qemu The ohci_service_ed_list function in hw/usb/hcd-ohci.c in QEMU (aka Quick Emulator) before 2.9.0 allows local guest OS users to cause a denial of service (infinite loop) via vectors involving the number of link endpoint list descriptors, a different vulnerability than CVE-2017-9330. March 15, 2017, 09:03 am
CVE-2017-6474
7.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Serious wireshark In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a NetScaler file parser infinite loop, triggered by a malformed capture file. This was addressed in wiretap/netscaler.c by validating record sizes. March 3, 2017, 21:03 pm
CVE-2017-6473
7.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Serious wireshark In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a K12 file parser crash, triggered by a malformed capture file. This was addressed in wiretap/k12.c by validating the relationships between lengths and offsets. March 3, 2017, 21:03 pm
CVE-2017-6472
7.5 MV Product/Version
affected:
CGX 2.2 In progress
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 1.8 Resolved
Serious wireshark In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is an RTMPT dissector infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-rtmpt.c by properly incrementing a certain sequence value. March 3, 2017, 21:03 pm
CVE-2017-6471
7.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Serious wireshark In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a WSP infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-wsp.c by validating the capability length. March 3, 2017, 21:03 pm
CVE-2017-6470
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
Serious wireshark In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is an IAX2 infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-iax2.c by constraining packet lateness. March 3, 2017, 21:03 pm
CVE-2017-6469
7.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Serious wireshark In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is an LDSS dissector crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-ldss.c by ensuring that memory is allocated for a certain data structure. March 3, 2017, 21:03 pm
CVE-2017-6468
7.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Serious wireshark In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a NetScaler file parser crash, triggered by a malformed capture file. This was addressed in wiretap/netscaler.c by validating the relationship between pages and records. March 3, 2017, 21:03 pm
CVE-2017-6467
7.5 MV Product/Version
affected:
CGX 1.8 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Serious wireshark In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a Netscaler file parser infinite loop, triggered by a malformed capture file. This was addressed in wiretap/netscaler.c by changing the restrictions on file size. March 3, 2017, 21:03 pm
CVE-2017-6464
4.6 MV Product/Version
affected:
CGX 1.8 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
ntp NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote attackers to cause a denial of service (ntpd crash) via a malformed mode configuration directive. March 27, 2017, 12:03 pm
CVE-2017-6463
4.6 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
ntp NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote authenticated users to cause a denial of service (daemon crash) via an invalid setting in a :config directive, related to the unpeer option. March 27, 2017, 12:03 pm
CVE-2017-6462
1.6 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
ntp Buffer overflow in the legacy Datum Programmable Time Server (DPTS) refclock driver in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows local users to have unspecified impact via a crafted /dev/datum device. March 27, 2017, 12:03 pm
CVE-2017-6460
4.9 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
ntp Stack-based buffer overflow in the reslist function in ntpq in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote servers to have unspecified impact via a long flagstr variable in a restriction list response. March 27, 2017, 12:03 pm
CVE-2017-6459
5.5 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
Normal ntp The Windows installer for NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows local users to have unspecified impact via vectors related to an argument with multiple null bytes. March 27, 2017, 12:03 pm
CVE-2017-6458
4.6 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
ntp Multiple buffer overflows in the ctl_put* functions in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allow remote authenticated users to have unspecified impact via a long variable. March 27, 2017, 12:03 pm
CVE-2017-6455
7.0 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
Serious ntp NTP before 4.2.8p10 and 4.3.x before 4.3.94, when using PPSAPI, allows local users to gain privileges via a DLL in the PPSAPI_DLLS environment variable. March 27, 2017, 12:03 pm
CVE-2017-6452
7.8 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
Serious ntp Stack-based buffer overflow in the Windows installer for NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows local users to have unspecified impact via an application path on the command line. March 27, 2017, 12:03 pm
CVE-2017-6451
1.8 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
ntp The mx4200_send function in the legacy MX4200 refclock in NTP before 4.2.8p10 and 4.3.x before 4.3.94 does not properly handle the return value of the snprintf function, which allows local users to execute arbitrary code via unspecified vectors, which trigger an out-of-bounds memory write. March 27, 2017, 12:03 pm
CVE-2017-6441
7.5 MV Product/Version
affected:
Serious php ** DISPUTED ** The _zval_get_long_func_ex in Zend/zend_operators.c in PHP 7.1.2 allows attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted use of "declare(ticks=" in a PHP script. NOTE: the vendor disputes the classification of this as a vulnerability, stating "Please do not request CVEs for ordinary bugs. CVEs are relevant for security issues only." April 3, 2017, 00:04 am
CVE-2017-6414
6.5 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGE 7.0 Resolved
Medium qemu Memory leak in the vcard_apdu_new function in card_7816.c in libcacard before 2.5.3 allows local guest OS users to cause a denial of service (host memory consumption) via vectors related to allocating a new APDU object. March 15, 2017, 09:03 am
CVE-2017-6353
5.5 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 1.8 Resolved
Medium kernel net/sctp/socket.c in the Linux kernel through 4.10.1 does not properly restrict association peel-off operations during certain wait states, which allows local users to cause a denial of service (invalid unlock and double free) via a multithreaded application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2017-5986. March 1, 2017, 14:03 pm
CVE-2017-6350
9.8 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 2.2 Resolved
Critical vim An integer overflow at an unserialize_uep memory allocation site would occur for vim before patch 8.0.0378, if it does not properly validate values for tree length when reading a corrupted undo file, which may lead to resultant buffer overflows. February 27, 2017, 01:02 am
CVE-2017-6349
9.8 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Critical vim An integer overflow at a u_read_undo memory allocation site would occur for vim before patch 8.0.0377, if it does not properly validate values for tree length when reading a corrupted undo file, which may lead to resultant buffer overflows. February 27, 2017, 01:02 am
CVE-2017-6348
5.5 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Medium kernel The hashbin_delete function in net/irda/irqueue.c in the Linux kernel before 4.9.13 improperly manages lock dropping, which allows local users to cause a denial of service (deadlock) via crafted operations on IrDA devices. March 1, 2017, 14:03 pm
CVE-2017-6347
5.6 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 Resolved
kernel The ip_cmsg_recv_checksum function in net/ipv4/ip_sockglue.c in the Linux kernel before 4.10.1 has incorrect expectations about skb data layout, which allows local users to cause a denial of service (buffer over-read) or possibly have unspecified other impact via crafted system calls, as demonstrated by use of the MSG_MORE flag in conjunction with loopback UDP transmission. March 1, 2017, 14:03 pm
CVE-2017-6346
4.0 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 Resolved
kernel Race condition in net/packet/af_packet.c in the Linux kernel before 4.9.13 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a multithreaded application that makes PACKET_FANOUT setsockopt system calls. March 1, 2017, 14:03 pm
CVE-2017-6345
4.0 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
kernel The LLC subsystem in the Linux kernel before 4.9.13 does not ensure that a certain destructor exists in required circumstances, which allows local users to cause a denial of service (BUG_ON) or possibly have unspecified other impact via crafted system calls. March 1, 2017, 14:03 pm
CVE-2017-6314
5.5 MV Product/Version
affected:
CGX 1.8 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 In progress
Medium gdk-pixbuf The make_available_at_least function in io-tiff.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (infinite loop) via a large TIFF file. March 9, 2017, 20:03 pm
CVE-2017-6313
5.5 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 1.8 Resolved
CGE 7.0 In progress
Medium gdk-pixbuf Integer underflow in the load_resources function in io-icns.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (out-of-bounds read and program crash) via a crafted image entry size in an ICO file. March 9, 2017, 20:03 pm
CVE-2017-6312
5.5 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 1.8 Resolved
Medium gdk-pixbuf Integer overflow in io-ico.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (segmentation fault and application crash) via a crafted image entry offset in an ICO file, which triggers an out-of-bounds read, related to compiler optimizations. March 9, 2017, 20:03 pm
CVE-2017-6311
7.5 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
High gdk-pixbuf gdk-pixbuf-thumbnailer.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors related to printing an error message. March 9, 2017, 20:03 pm
CVE-2017-6264
7.8 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Serious kernel An elevation of privilege vulnerability exists in the NVIDIA GPU driver (gm20b_clk_throt_set_cdev_state), where an out of bound memory read is used as a function pointer could lead to code execution in the kernel. This issue is rated as high because it could allow a local malicious application to execute arbitrary code within the context of a privileged process. Product: Android. Version: N/A. Android ID: A-34705430. References: N-CVE-2017-6264. November 14, 2017, 11:11 am
CVE-2017-6214
7.5 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 In progress
CGE 7.0 Resolved
MVL6 Kernel 2.6.32 Resolved
MVL6 Kernel 2.6.24 Resolved
High kernel The tcp_splice_read function in net/ipv4/tcp.c in the Linux kernel before 4.9.11 allows remote attackers to cause a denial of service (infinite loop and soft lockup) via vectors involving a TCP packet with the URG flag. February 23, 2017, 11:02 am
CVE-2017-6181
7.5 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGE 7.0 In progress
Serious ruby The parse_char_class function in regparse.c in the Onigmo (aka Oniguruma-mod) regular expression library, as used in Ruby 2.4.0, allows remote attackers to cause a denial of service (deep recursion and application crash) via a crafted regular expression. April 3, 2017, 00:04 am
CVE-2017-6074
7.8 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
High kernel The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel through 4.9.11 mishandles DCCP_PKT_REQUEST packet data structures in the LISTEN state, which allows local users to obtain root privileges or cause a denial of service (double free) via an application that makes an IPV6_RECVPKTINFO setsockopt system call. February 18, 2017, 15:02 pm
CVE-2017-6058
7.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
High qemu Buffer overflow in NetRxPkt::ehdr_buf in hw/net/net_rx_pkt.c in QEMU (aka Quick Emulator), when the VLANSTRIP feature is enabled on the vmxnet3 device, allows remote attackers to cause a denial of service (out-of-bounds access and QEMU process crash) via vectors related to VLAN stripping. March 20, 2017, 11:03 am
CVE-2017-6014
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
Serious wireshark In Wireshark 2.2.4 and earlier, a crafted or malformed STANAG 4607 capture file will cause an infinite loop and memory exhaustion. If the packet size field in a packet header is null, the offset to read from will not advance, causing continuous attempts to read the same zero length packet. This will quickly exhaust all system memory. February 17, 2017, 01:02 am
CVE-2017-6001
7.0 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 1.8 Resolved
High kernel Race condition in kernel/events/core.c in the Linux kernel before 4.9.7 allows local users to gain privileges via a crafted application that makes concurrent perf_event_open system calls for moving a software group into a hardware context. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-6786. February 18, 2017, 15:02 pm
CVE-2017-5987
5.5 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
Medium qemu The sdhci_sdma_transfer_multi_blocks function in hw/sd/sdhci.c in QEMU (aka Quick Emulator) allows local OS guest privileged users to cause a denial of service (infinite loop and QEMU process crash) via vectors involving the transfer mode register during multi block transfer. March 20, 2017, 11:03 am
CVE-2017-5986
7.1 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
kernel Race condition in the sctp_wait_for_sndbuf function in net/sctp/socket.c in the Linux kernel before 4.9.11 allows local users to cause a denial of service (assertion failure and panic) via a multithreaded application that peels off an association in a certain buffer-full state. February 18, 2017, 15:02 pm
CVE-2017-5985
3.3 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Low lxc lxc-user-nic in Linux Containers (LXC) allows local users with a lxc-usernet allocation to create network interfaces on the host and choose the name of those interfaces by leveraging lack of netns ownership check. March 14, 2017, 12:03 pm
CVE-2017-5973
5.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
Medium qemu The xhci_kick_epctx function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (infinite loop and QEMU process crash) via vectors related to control transfer descriptor sequence. March 27, 2017, 10:03 am
CVE-2017-5972
7.5 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
High kernel The TCP stack in the Linux kernel 3.x does not properly implement a SYN cookie protection mechanism for the case of a fast network connection, which allows remote attackers to cause a denial of service (CPU consumption) by sending many TCP SYN packets, as demonstrated by an attack against the kernel-3.10.0 package in CentOS Linux 7. NOTE: third parties have been unable to discern any relationship between the GitHub Engineering finding and the Trigemini.c attack code. February 14, 2017, 00:02 am
CVE-2017-5970
7.5 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 1.8 Resolved
High kernel The ipv4_pktinfo_prepare function in net/ipv4/ip_sockglue.c in the Linux kernel through 4.9.9 allows attackers to cause a denial of service (system crash) via (1) an application that makes crafted system calls or possibly (2) IPv4 traffic with invalid IP options. February 14, 2017, 00:02 am
CVE-2017-5969
5.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
libxml2 ** DISPUTED ** libxml2 2.9.4, when used in recover mode, allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted XML document. NOTE: The maintainer states "I would disagree of a CVE with the Recover parsing option which should only be used for manual recovery at least for XML parser." April 11, 2017, 11:04 am
CVE-2017-5967
4.0 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 In progress
CGX 2.0 In progress
CGX 1.8 Resolved
CGE 7.0 In progress
Normal kernel The time subsystem in the Linux kernel through 4.9.9, when CONFIG_TIMER_STATS is enabled, allows local users to discover real PID values (as distinguished from PID values inside a PID namespace) by reading the /proc/timer_list file, related to the print_timer function in kernel/time/timer_list.c and the __timer_stats_timer_set_start_info function in kernel/time/timer.c. February 14, 2017, 00:02 am
CVE-2017-5957
5.5 MV Product/Version
affected:
CGX 2.4 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Normal qemu Stack-based buffer overflow in the vrend_decode_set_framebuffer_state function in vrend_decode.c in virglrenderer before 926b9b3460a48f6454d8bbe9e44313d86a65447f, as used in Quick Emulator (QEMU), allows local guest users to cause a denial of service (application crash) via the nr_cbufs argument. March 14, 2017, 09:03 am
CVE-2017-5953
9.8 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
Critical vim vim before patch 8.0.0322 does not properly validate values for tree length when handling a spell file, which may result in an integer overflow at a memory allocation site and a resultant buffer overflow. February 10, 2017, 01:02 am
CVE-2017-5951
5.5 MV Product/Version
affected:
CGE 7.0 Resolved
Medium ghostscript The mem_get_bits_rectangle function in base/gdevmem.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file. April 3, 2017, 00:04 am
CVE-2017-5932
6.89 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 1.8 Resolved
bash The path autocompletion feature in Bash 4.4 allows local users to gain privileges via a crafted filename starting with a " (double quote) character and a command substitution metacharacter. March 27, 2017, 10:03 am
CVE-2017-5931
8.8 MV Product/Version
affected:
CGX 2.2 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
High qemu Integer overflow in hw/virtio/virtio-crypto.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (QEMU process crash) or possibly execute arbitrary code on the host via a crafted virtio-crypto request, which triggers a heap-based buffer overflow. March 27, 2017, 10:03 am
CVE-2017-5898
5.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Medium qemu Integer overflow in the emulated_apdu_from_guest function in usb/dev-smartcard-reader.c in Quick Emulator (Qemu), when built with the CCID Card device emulator support, allows local users to cause a denial of service (application crash) via a large Application Protocol Data Units (APDU) unit. March 15, 2017, 14:03 pm
CVE-2017-5897
7.4 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
kernel The ip6gre_err function in net/ipv6/ip6_gre.c in the Linux kernel allows remote attackers to have unspecified impact via vectors involving GRE flags in an IPv6 packet, which trigger an out-of-bounds access. March 23, 2017, 11:03 am
CVE-2017-5868
6.1 MV Product/Version
affected:
Normal openvpn CRLF injection vulnerability in the web interface in OpenVPN Access Server 2.1.4 allows remote attackers to inject arbitrary HTTP headers and consequently conduct session fixation attacks and possibly HTTP response splitting attacks via %0A characters in the PATH_INFO to __session_start__/. May 25, 2017, 20:05 pm
CVE-2017-5857
6.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Medium qemu Memory leak in the virgl_cmd_resource_unref function in hw/display/virtio-gpu-3d.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (host memory consumption) via a large number of VIRTIO_GPU_CMD_RESOURCE_UNREF commands sent without detaching the backing storage beforehand. March 16, 2017, 10:03 am
CVE-2017-5856
6.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Medium qemu Memory leak in the megasas_handle_dcmd function in hw/scsi/megasas.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption) via MegaRAID Firmware Interface (MFI) commands with the sglist size set to a value over 2 Gb. March 16, 2017, 10:03 am
CVE-2017-5848
7.0 MV Product/Version
affected:
CGE 7.0 In progress
CGX 2.0 Resolved
CGX 1.8 Resolved
gstreamer The gst_ps_demux_parse_psm function in gst/mpegdemux/gstmpegdemux.c in gst-plugins-bad in GStreamer allows remote attackers to cause a denial of service (invalid memory read and crash) via vectors involving PSM parsing. February 9, 2017, 09:02 am
CVE-2017-5847
5.5 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
gstreamer The gst_asf_demux_process_ext_content_desc function in gst/asfdemux/gstasfdemux.c in gst-plugins-ugly in GStreamer allows remote attackers to cause a denial of service (out-of-bounds heap read) via vectors involving extended content descriptors. February 9, 2017, 09:02 am
CVE-2017-5846
5.5 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
Medium gstreamer The gst_asf_demux_process_ext_stream_props function in gst/asfdemux/gstasfdemux.c in gst-plugins-ugly in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (invalid memory read and crash) via vectors related to the number of languages in a video file. February 9, 2017, 09:02 am
CVE-2017-5845
5.5 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
gstreamer The gst_avi_demux_parse_ncdt function in gst/avi/gstavidemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (invalid memory read and crash) via a ncdt sub-tag that goes behind the surrounding tag. February 9, 2017, 09:02 am
CVE-2017-5844
5.5 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 1.8 Resolved
Medium gstreamer The gst_riff_create_audio_caps function in gst-libs/gst/riff/riff-media.c in gst-plugins-base in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (floating point exception and crash) via a crafted ASF file. February 9, 2017, 09:02 am
CVE-2017-5843
7.0 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 1.8 Resolved
gstreamer Multiple use-after-free vulnerabilities in the (1) gst_mini_object_unref, (2) gst_tag_list_unref, and (3) gst_mxf_demux_update_essence_tracks functions in GStreamer before 1.10.3 allow remote attackers to cause a denial of service (crash) via vectors involving stream tags, as demonstrated by 02785736.mxf. February 9, 2017, 09:02 am
CVE-2017-5842
5.5 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
Medium gstreamer The html_context_handle_element function in gst/subparse/samiparse.c in gst-plugins-base in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted SMI file, as demonstrated by OneNote_Manager.smi. February 9, 2017, 09:02 am
CVE-2017-5841
5.5 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
gstreamer The gst_avi_demux_parse_ncdt function in gst/avi/gstavidemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds heap read) via vectors involving ncdt tags. February 9, 2017, 09:02 am
CVE-2017-5840
5.5 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 1.8 Resolved
gstreamer The qtdemux_parse_samples function in gst/isomp4/qtdemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds heap read) via vectors involving the current stts index. February 9, 2017, 09:02 am
CVE-2017-5839
5.5 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
gstreamer The gst_riff_create_audio_caps function in gst-libs/gst/riff/riff-media.c in gst-plugins-base in GStreamer before 1.10.3 does not properly limit recursion, which allows remote attackers to cause a denial of service (stack overflow and crash) via vectors involving nested WAVEFORMATEX. February 9, 2017, 09:02 am
CVE-2017-5838
5.5 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
gstreamer The gst_date_time_new_from_iso8601_string function in gst/gstdatetime.c in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a malformed datetime string. February 9, 2017, 09:02 am
CVE-2017-5837
5.5 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 1.8 Resolved
Medium gstreamer The gst_riff_create_audio_caps function in gst-libs/gst/riff/riff-media.c in gst-plugins-base in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (floating point exception and crash) via a crafted video file. February 9, 2017, 09:02 am
CVE-2017-5754
7.9 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Serious kernel Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache. January 4, 2018, 07:01 am
CVE-2017-5753
8.3 MV Product/Version
affected:
CGX 2.2 In progress
CGX 2.0 Resolved
CGX 2.0 In progress
CGE 7.0 In progress
Serious kernel Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. January 4, 2018, 07:01 am
CVE-2017-5715
8.2 MV Product/Version
affected:
CGX 2.2 In progress
CGX 2.0 Resolved
CGX 2.0 Resolved
CGE 7.0 In progress
Serious kernel Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. January 4, 2018, 07:01 am
CVE-2017-5669
7.8 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
Serious kernel The do_shmat function in ipc/shm.c in the Linux kernel through 4.9.12 does not restrict the address calculated by a certain rounding operation, which allows local users to map page zero, and consequently bypass a protection mechanism that exists for the mmap system call, by making crafted shmget and shmat system calls in a privileged context. February 24, 2017, 09:02 am
CVE-2017-5667
5.4 MV Product/Version
affected:
CGE 7.0 Resolved
qemu The sdhci_sdma_transfer_multi_blocks function in hw/sd/sdhci.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (out-of-bounds heap access and crash) or execute arbitrary code on the QEMU host via vectors involving the data transfer length. March 16, 2017, 10:03 am
CVE-2017-5644
5.5 MV Product/Version
affected:
Normal poi Apache POI in versions prior to release 3.15 allows remote attackers to cause a denial of service (CPU consumption) via a specially crafted OOXML file, aka an XML Entity Expansion (XEE) attack. March 24, 2017, 09:03 am
CVE-2017-5618
7.0 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
screen GNU screen before 4.5.1 allows local users to modify arbitrary files and consequently gain root privileges by leveraging improper checking of logfile permissions. March 20, 2017, 11:03 am
CVE-2017-5601
7.5 MV Product/Version
affected:
CGX 2.4 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Serious libarchive An error in the lha_read_file_header_1() function (archive_read_support_format_lha.c) in libarchive 3.2.2 allows remote attackers to trigger an out-of-bounds read memory access and subsequently cause a crash via a specially crafted archive. January 27, 2017, 16:01 pm
CVE-2017-5597
7.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Serious wireshark In Wireshark 2.2.0 to 2.2.3 and 2.0.0 to 2.0.9, the DHCPv6 dissector could go into a large loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-dhcpv6.c by changing a data type to avoid an integer overflow. January 25, 2017, 15:01 pm
CVE-2017-5596
7.5 MV Product/Version
affected:
CGX 2.2 In progress
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Serious wireshark In Wireshark 2.2.0 to 2.2.3 and 2.0.0 to 2.0.9, the ASTERIX dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-asterix.c by changing a data type to avoid an integer overflow. January 25, 2017, 15:01 pm
CVE-2017-5579
3.0 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
qemu Memory leak in the serial_exit_core function in hw/char/serial.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large number of device unplug operations. March 15, 2017, 10:03 am
CVE-2017-5578
3.0 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 Resolved
qemu Memory leak in the virtio_gpu_resource_attach_backing function in hw/display/virtio-gpu.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (host memory consumption) via a large number of VIRTIO_GPU_CMD_RESOURCE_ATTACH_BACKING commands. March 15, 2017, 10:03 am
CVE-2017-5577
7.0 MV Product/Version
affected:
CGX 1.8 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
kernel The vc4_get_bcl function in drivers/gpu/drm/vc4/vc4_gem.c in the VideoCore DRM driver in the Linux kernel before 4.9.7 does not set an errno value upon certain overflow detections, which allows local users to cause a denial of service (incorrect pointer dereference and OOPS) via inconsistent size values in a VC4_SUBMIT_CL ioctl call. February 6, 2017, 00:02 am
CVE-2017-5576
7.0 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 1.8 Resolved
kernel Integer overflow in the vc4_get_bcl function in drivers/gpu/drm/vc4/vc4_gem.c in the VideoCore DRM driver in the Linux kernel before 4.9.7 allows local users to cause a denial of service or possibly have unspecified other impact via a crafted size value in a VC4_SUBMIT_CL ioctl call. February 6, 2017, 00:02 am
CVE-2017-5563
6.8 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
tiff LibTIFF version 4.0.7 is vulnerable to a heap-based buffer over-read in tif_lzw.c resulting in DoS or code execution via a crafted bmp image to tools/bmp2tiff. January 23, 2017, 01:01 am
CVE-2017-5552
2.3 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 Resolved
qemu Memory leak in the virgl_resource_attach_backing function in hw/display/virtio-gpu-3d.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (host memory consumption) via a large number of VIRTIO_GPU_CMD_RESOURCE_ATTACH_BACKING commands. March 15, 2017, 10:03 am
CVE-2017-5551
3.3 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 Resolved
kernel The simple_set_acl function in fs/posix_acl.c in the Linux kernel before 4.9.6 preserves the setgid bit during a setxattr call involving a tmpfs filesystem, which allows local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-7097. February 6, 2017, 00:02 am
CVE-2017-5550
4.0 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 Resolved
kernel Off-by-one error in the pipe_advance function in lib/iov_iter.c in the Linux kernel before 4.9.5 allows local users to obtain sensitive information from uninitialized heap-memory locations in opportunistic circumstances by reading from a pipe after an incorrect buffer-release decision. February 6, 2017, 00:02 am
CVE-2017-5549
4.0 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 Resolved
kernel The klsi_105_get_line_state function in drivers/usb/serial/kl5kusb105.c in the Linux kernel before 4.9.5 places uninitialized heap-memory contents into a log entry upon a failure to read the line status, which allows local users to obtain sensitive information by reading the log. February 6, 2017, 00:02 am
CVE-2017-5548
4.0 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 Resolved
kernel drivers/net/ieee802154/atusb.c in the Linux kernel 4.9.x before 4.9.6 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than one virtual page for a DMA scatterlist. February 6, 2017, 00:02 am
CVE-2017-5547
4.0 MV Product/Version
affected:
CGX 1.8 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
kernel drivers/hid/hid-corsair.c in the Linux kernel 4.9.x before 4.9.6 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than one virtual page for a DMA scatterlist. February 6, 2017, 00:02 am
CVE-2017-5546
5.5 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
kernel The freelist-randomization feature in mm/slab.c in the Linux kernel 4.8.x and 4.9.x before 4.9.5 allows local users to cause a denial of service (duplicate freelist entries and system crash) or possibly have unspecified other impact in opportunistic circumstances by leveraging the selection of a large value for a random number. February 6, 2017, 00:02 am
CVE-2017-5526
2.3 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 Resolved
qemu Memory leak in hw/audio/es1370.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large number of device unplug operations. March 15, 2017, 10:03 am
CVE-2017-5525
2.3 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
qemu Memory leak in hw/audio/ac97.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large number of device unplug operations. March 15, 2017, 10:03 am
CVE-2017-5495
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
Serious quagga All versions of Quagga, 0.93 through 1.1.0, are vulnerable to an unbounded memory allocation in the telnet vty CLI, leading to a Denial-of-Service of Quagga daemons, or even the entire host. When Quagga daemons are configured with their telnet CLI enabled, anyone who can connect to the TCP ports can trigger this vulnerability, prior to authentication. Most distributions restrict the Quagga telnet interface to local access only by default. The Quagga telnet interface vty input buffer grows automatically, without bound, so long as a newline is not entered. This allows an attacker to cause the Quagga daemon to allocate unbounded memory by sending very long strings without a newline. Eventually the daemon is terminated by the system, or the system itself runs out of memory. This is fixed in Quagga 1.1.1 and Free Range Routing (FRR) Protocol Suite 2017-01-10. January 24, 2017, 01:01 am
CVE-2017-5486
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
tcpdump The ISO CLNS parser in tcpdump before 4.9.0 has a buffer overflow in print-isoclns.c:clnp_print(). January 27, 2017, 19:01 pm
CVE-2017-5485
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
tcpdump The ISO CLNS parser in tcpdump before 4.9.0 has a buffer overflow in addrtoname.c:lookup_nsap(). January 27, 2017, 19:01 pm
CVE-2017-5484
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
tcpdump The ATM parser in tcpdump before 4.9.0 has a buffer overflow in print-atm.c:sig_print(). January 27, 2017, 19:01 pm
CVE-2017-5483
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
tcpdump The SNMP parser in tcpdump before 4.9.0 has a buffer overflow in print-snmp.c:asn1_parse(). January 27, 2017, 19:01 pm
CVE-2017-5482
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
tcpdump The Q.933 parser in tcpdump before 4.9.0 has a buffer overflow in print-fr.c:q933_print(), a different vulnerability than CVE-2016-8575. January 27, 2017, 19:01 pm
CVE-2017-5461
9.8 MV Product/Version
affected:
CGX 2.4 Resolved
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 In progress
Critical nss Mozilla Network Security Services (NSS) before 3.21.4, 3.22.x through 3.28.x before 3.28.4, 3.29.x before 3.29.5, and 3.30.x before 3.30.1 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact by leveraging incorrect base64 operations. May 10, 2017, 20:05 pm
CVE-2017-5357
3.3 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 Resolved
ed regex.c in GNU ed before 1.14.1 allows attackers to cause a denial of service (crash) via a malformed command, which triggers an invalid free. February 16, 2017, 20:02 pm
CVE-2017-5342
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
tcpdump In tcpdump before 4.9.0, a bug in multiple protocol parsers (Geneve, GRE, NSH, OTV, VXLAN and VXLAN GPE) could cause a buffer overflow in print-ether.c:ether_print(). January 27, 2017, 19:01 pm
CVE-2017-5341
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
tcpdump The OTV parser in tcpdump before 4.9.0 has a buffer overflow in print-otv.c:otv_print(). January 27, 2017, 19:01 pm
CVE-2017-5340
9.8 MV Product/Version
affected:
CGE 7.0 Resolved
Critical php Zend/zend_hash.c in PHP before 7.0.15 and 7.1.x before 7.1.1 mishandles certain cases that require large array allocations, which allows remote attackers to execute arbitrary code or cause a denial of service (integer overflow, uninitialized memory access, and use of arbitrary destructor function pointers) via crafted serialized data. January 11, 2017, 00:01 am
CVE-2017-5337
5.3 MV Product/Version
affected:
CGX 2.4 Resolved
CGX 2.2 In progress
CGX 2.0 In progress
CGE 7.0 Resolved
CGX 1.8 Resolved
Normal gnutls Multiple heap-based buffer overflows in the read_attribute function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to have unspecified impact via a crafted OpenPGP certificate. March 24, 2017, 10:03 am
CVE-2017-5336
5.3 MV Product/Version
affected:
CGX 2.0 In progress
CGE 7.0 Resolved
CGX 2.4 Resolved
CGX 2.2 In progress
CGX 1.8 Resolved
Normal gnutls Stack-based buffer overflow in the cdk_pk_get_keyid function in lib/opencdk/pubkey.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via a crafted OpenPGP certificate. March 24, 2017, 10:03 am
CVE-2017-5335
5.3 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 In progress
CGX 2.0 In progress
CGX 2.4 Resolved
CGX 1.8 Resolved
Normal gnutls The stream reading functions in lib/opencdk/read-packet.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to cause a denial of service (out-of-memory error and crash) via a crafted OpenPGP certificate. March 24, 2017, 10:03 am
CVE-2017-5334
5.3 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
gnutls Double free vulnerability in the gnutls_x509_ext_import_proxy function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via crafted policy language information in an X.509 certificate with a Proxy Certificate Information extension. March 24, 2017, 10:03 am
CVE-2017-5225
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
tiff LibTIFF version 4.0.7 is vulnerable to a heap buffer overflow in the tools/tiffcp resulting in DoS or code execution via a crafted BitsPerSample value. January 12, 2017, 05:01 am
CVE-2017-5205
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
tcpdump The ISAKMP parser in tcpdump before 4.9.0 has a buffer overflow in print-isakmp.c:ikev2_e_print(). January 27, 2017, 19:01 pm
CVE-2017-5204
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
tcpdump The IPv6 parser in tcpdump before 4.9.0 has a buffer overflow in print-ip6.c:ip6_print(). January 27, 2017, 19:01 pm
CVE-2017-5203
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
tcpdump The BOOTP parser in tcpdump before 4.9.0 has a buffer overflow in print-bootp.c:bootp_print(). January 27, 2017, 19:01 pm
CVE-2017-5202
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
tcpdump The ISO CLNS parser in tcpdump before 4.9.0 has a buffer overflow in print-isoclns.c:clnp_print(). January 27, 2017, 19:01 pm
CVE-2017-5130
8.8 MV Product/Version
affected:
CGX 2.2 Resolved
CGE 7.0 Resolved
CGX 2.4 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
Serious libxml2 An integer overflow in xmlmemory.c in libxml2 before 2.9.5, as used in Google Chrome prior to 62.0.3202.62 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted XML file. February 7, 2018, 17:02 pm
CVE-2017-5123
7.8 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
Serious kernel ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. October 17, 2017, 20:10 pm
CVE-2017-5029
8.8 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
High libxslt The xsltAddTextString function in transform.c in libxslt 1.1.29, as used in Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android, lacked a check for integer overflow during a size calculation, which allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. April 24, 2017, 18:04 pm
CVE-2017-4967
6.1 MV Product/Version
affected:
Normal rabbitmq An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior to 1.7.15. Several forms in the RabbitMQ management UI are vulnerable to XSS attacks. June 13, 2017, 01:06 am
CVE-2017-4966
7.8 MV Product/Version
affected:
Serious rabbitmq An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior to 1.7.15. RabbitMQ management UI stores signed-in user credentials in a browser's local storage without expiration, making it possible to retrieve them using a chained attack. June 13, 2017, 01:06 am
CVE-2017-4965
6.1 MV Product/Version
affected:
Normal rabbitmq An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior to 1.7.15. Several forms in the RabbitMQ management UI are vulnerable to XSS attacks. June 13, 2017, 01:06 am
CVE-2017-3738
5.9 MV Product/Version
affected:
CGX 2.2 In progress
CGX 2.4 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
Normal openssl There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH1024 are considered just feasible, because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be significant. However, for an attack on TLS to be meaningful, the server would have to share the DH1024 private key among multiple clients, which is no longer an option since CVE-2016-0701. This only affects processors that support the AVX2 but not ADX extensions like Intel Haswell (4th generation). Note: The impact from this issue is similar to CVE-2017-3736, CVE-2017-3732 and CVE-2015-3193. OpenSSL version 1.0.2-1.0.2m and 1.1.0-1.1.0g are affected. Fixed in OpenSSL 1.0.2n. Due to the low severity of this issue we are not issuing a new release of OpenSSL 1.1.0 at this time. The fix will be included in OpenSSL 1.1.0h when it becomes available. The fix is also available in commit e502cc86d in the OpenSSL git repository. December 7, 2017, 10:12 am
CVE-2017-3737
5.9 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.4 Resolved
CGX 2.2 In progress
CGX 2.0 Resolved
CGX 1.8 Resolved
Normal openssl OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an error state mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and would immediately fail if you attempted to continue the handshake. This works as designed for the explicit handshake functions (SSL_do_handshake(), SSL_accept() and SSL_connect()), however due to a bug it does not work correctly if SSL_read() or SSL_write() is called directly. In that scenario, if the handshake fails then a fatal error will be returned in the initial function call. If SSL_read()/SSL_write() is subsequently called by the application for the same SSL object then it will succeed and the data is passed without being decrypted/encrypted directly from the SSL/TLS record layer. In order to exploit this issue an application bug would have to be present that resulted in a call to SSL_read()/SSL_write() being issued after having already received a fatal error. OpenSSL version 1.0.2b-1.0.2m are affected. Fixed in OpenSSL 1.0.2n. OpenSSL 1.1.0 is not affected. December 7, 2017, 10:12 am
CVE-2017-3736
5.9 MV Product/Version
affected:
CGX 2.2 Resolved
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
Normal openssl There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. This only affects processors that support the BMI1, BMI2 and ADX extensions like Intel Broadwell (5th generation) and later or AMD Ryzen. November 2, 2017, 12:11 pm
CVE-2017-3735
7.5 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGE 7.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Serious openssl While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in an incorrect text display of the certificate. This bug has been present since 2006 and is present in all versions of OpenSSL before 1.0.2m and 1.1.0g. August 28, 2017, 14:08 pm
CVE-2017-3733
7.5 MV Product/Version
affected:
CGX 1.8 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
CGE 7.0 Resolved
Serious openssl During a renegotiation handshake if the Encrypt-Then-Mac extension is negotiated where it was not in the original handshake (or vice-versa) then this can cause OpenSSL 1.1.0 before 1.1.0e to crash (dependent on ciphersuite). Both clients and servers are affected. May 4, 2017, 14:05 pm
CVE-2017-3732
5.9 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
Medium openssl There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL 1.0.2 before 1.0.2k and 1.1.0 before 1.1.0d. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. For example this can occur by default in OpenSSL DHE based SSL/TLS ciphersuites. Note: This issue is very similar to CVE-2015-3193 but must be treated as a separate problem. May 4, 2017, 14:05 pm
CVE-2017-3731
5.9 MV Product/Version
affected:
CGX 1.8 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
openssl If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or client to perform an out-of-bounds read, usually resulting in a crash. For OpenSSL 1.1.0, the crash can be triggered when using CHACHA20/POLY1305; users should upgrade to 1.1.0d. For OpenSSL 1.0.2, the crash can be triggered when using RC4-MD5; users who have not disabled that algorithm should update to 1.0.2k. May 4, 2017, 14:05 pm
CVE-2017-3730
5.9 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
openssl In OpenSSL 1.1.0 before 1.1.0d, if a malicious server supplies bad parameters for a DHE or ECDHE key exchange then this can result in the client attempting to dereference a NULL pointer leading to a client crash. This could be exploited in a Denial of Service attack. May 4, 2017, 14:05 pm
CVE-2017-3653
3.1 MV Product/Version
affected:
Low mysql Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N). August 8, 2017, 10:08 am
CVE-2017-3652
4.2 MV Product/Version
affected:
Normal mysql Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 4.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N). August 8, 2017, 10:08 am
CVE-2017-3651
4.3 MV Product/Version
affected:
Normal mysql Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N). August 8, 2017, 10:08 am
CVE-2017-3650
3.7 MV Product/Version
affected:
Low mysql Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: C API). Supported versions that are affected are 5.7.18 and earlier. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N). August 8, 2017, 10:08 am
CVE-2017-3649
4.4 MV Product/Version
affected:
Normal mysql Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). August 8, 2017, 10:08 am
CVE-2017-3648
4.4 MV Product/Version
affected:
Normal mysql Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Charsets). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). August 8, 2017, 10:08 am
CVE-2017-3647
4.4 MV Product/Version
affected:
Normal mysql Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). August 8, 2017, 10:08 am
CVE-2017-3646
4.9 MV Product/Version
affected:
Normal mysql Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: X Plugin). Supported versions that are affected are 5.7.16 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). August 8, 2017, 10:08 am
CVE-2017-3645
4.9 MV Product/Version
affected:
Normal mysql Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). August 8, 2017, 10:08 am
CVE-2017-3644
4.9 MV Product/Version
affected:
Normal mysql Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). August 8, 2017, 10:08 am
CVE-2017-3643
4.9 MV Product/Version
affected:
Normal mysql Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). August 8, 2017, 10:08 am
CVE-2017-3642
4.9 MV Product/Version
affected:
Normal mysql Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). August 8, 2017, 10:08 am
CVE-2017-3641
4.9 MV Product/Version
affected:
Normal mysql Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). August 8, 2017, 10:08 am
CVE-2017-3640
4.9 MV Product/Version
affected:
Normal mysql Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). August 8, 2017, 10:08 am
CVE-2017-3639
4.9 MV Product/Version
affected:
Normal mysql Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). August 8, 2017, 10:08 am
CVE-2017-3638
4.9 MV Product/Version
affected:
Normal mysql Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). August 8, 2017, 10:08 am
CVE-2017-3637
5.3 MV Product/Version
affected:
Normal mysql Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: X Plugin). Supported versions that are affected are 5.7.18 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H). August 8, 2017, 10:08 am
CVE-2017-3636
5.3 MV Product/Version
affected:
Normal mysql Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.56 and earlier and 5.6.36 and earlier. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L). August 8, 2017, 10:08 am
CVE-2017-3635
5.3 MV Product/Version
affected:
Normal mysql Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/C). Supported versions that are affected are 6.1.10 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors. Note: The documentation has also been updated for the correct way to use mysql_stmt_close(). Please see: https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-execute.html, https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-fetch.html, https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-close.html, https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-error.html, https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-errno.html, and https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-sqlstate.html. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H). August 8, 2017, 10:08 am
CVE-2017-3634
6.5 MV Product/Version
affected:
Normal mysql Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). August 8, 2017, 10:08 am
CVE-2017-3633
6.5 MV Product/Version
affected:
Normal mysql Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached). Supported versions that are affected are 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Memcached to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H). August 8, 2017, 10:08 am
CVE-2017-3600
6.6 MV Product/Version
affected:
Normal mysql Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. Note: CVE-2017-3600 is equivalent to CVE-2016-5483. CVSS 3.0 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H). April 24, 2017, 14:04 pm
CVE-2017-3599
7.5 MV Product/Version
affected:
Serious mysql Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Pluggable Auth). Supported versions that are affected are 5.6.35 and earlier and 5.7.17 and earlier. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). NOTE: the previous information is from the April 2017 CPU. Oracle has not commented on third-party claims that this issue is an integer overflow in sql/auth/sql_authentication.cc which allows remote attackers to cause a denial of service via a crafted authentication packet. April 24, 2017, 14:04 pm
CVE-2017-3529
5.3 MV Product/Version
affected:
Normal mysql Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: UDF). Supported versions that are affected are 5.7.18 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H). August 8, 2017, 10:08 am
CVE-2017-3468
3.1 MV Product/Version
affected:
Low mysql Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.7.17 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N). April 24, 2017, 14:04 pm
CVE-2017-3467
3.7 MV Product/Version
affected:
Low mysql Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: C API). Supported versions that are affected are 5.7.17 and earlier. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N). April 24, 2017, 14:04 pm
CVE-2017-3465
4.3 MV Product/Version
affected:
Normal mysql Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.7.17 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N). April 24, 2017, 14:04 pm
CVE-2017-3464
4.3 MV Product/Version
affected:
Normal mysql Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N). April 24, 2017, 14:04 pm
CVE-2017-3463
4.9 MV Product/Version
affected:
Normal mysql Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). April 24, 2017, 14:04 pm
CVE-2017-3462
4.9 MV Product/Version
affected:
Normal mysql Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). April 24, 2017, 14:04 pm
CVE-2017-3461
4.9 MV Product/Version
affected:
Normal mysql Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). April 24, 2017, 14:04 pm
CVE-2017-3460
4.9 MV Product/Version
affected:
Normal mysql Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Audit Plug-in). Supported versions that are affected are 5.7.17 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). April 24, 2017, 14:04 pm
CVE-2017-3459
4.9 MV Product/Version
affected:
Normal mysql Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.17 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). April 24, 2017, 14:04 pm
CVE-2017-3458
4.9 MV Product/Version
affected:
Normal mysql Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.17 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). April 24, 2017, 14:04 pm
CVE-2017-3457
4.9 MV Product/Version
affected:
Normal mysql Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.17 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). April 24, 2017, 14:04 pm
CVE-2017-3456
4.9 MV Product/Version
affected:
Normal mysql Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). April 24, 2017, 14:04 pm
CVE-2017-3455
5.4 MV Product/Version
affected:
Normal mysql Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.7.17 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N). April 24, 2017, 14:04 pm
CVE-2017-3454
5.5 MV Product/Version
affected:
Normal mysql Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.7.17 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H). April 24, 2017, 14:04 pm
CVE-2017-3453
6.5 MV Product/Version
affected:
Normal mysql Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). April 24, 2017, 14:04 pm
CVE-2017-3452
6.5 MV Product/Version
affected:
Normal mysql Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.35 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). April 24, 2017, 14:04 pm
CVE-2017-3450
7.5 MV Product/Version
affected:
Serious mysql Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached). Supported versions that are affected are 5.6.35 and earlier and 5.7.17 and earlier. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). April 24, 2017, 14:04 pm
CVE-2017-3331
6.5 MV Product/Version
affected:
Normal mysql Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). The supported version that is affected is 5.7.11 to 5.7.17. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). April 24, 2017, 14:04 pm
CVE-2017-3329
7.5 MV Product/Version
affected:
Serious mysql Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Thread Pooling). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). April 24, 2017, 14:04 pm
CVE-2017-3320
2.4 MV Product/Version
affected:
Low mysql Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.7.16 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS v3.0 Base Score 2.4 (Confidentiality impacts). January 27, 2017, 16:01 pm
CVE-2017-3319
3.1 MV Product/Version
affected:
Low mysql Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: X Plugin). Supported versions that are affected are 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS v3.0 Base Score 3.1 (Confidentiality impacts). January 27, 2017, 16:01 pm
CVE-2017-3318
4.0 MV Product/Version
affected:
Normal mysql Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Error Handling). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.0 (Confidentiality impacts). January 27, 2017, 16:01 pm
CVE-2017-3317
4.0 MV Product/Version
affected:
Normal mysql Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Logging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.0 (Availability impacts). January 27, 2017, 16:01 pm
CVE-2017-3313
4.7 MV Product/Version
affected:
Normal mysql Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: MyISAM). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.7 (Confidentiality impacts). January 27, 2017, 16:01 pm
CVE-2017-3312
6.7 MV Product/Version
affected:
Normal mysql Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS v3.0 Base Score 6.7 (Confidentiality, Integrity and Availability impacts). January 27, 2017, 16:01 pm
CVE-2017-3309
7.7 MV Product/Version
affected:
Serious mysql Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H). April 24, 2017, 14:04 pm
CVE-2017-3308
7.7 MV Product/Version
affected:
Serious mysql Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H). April 24, 2017, 14:04 pm
CVE-2017-3305
6.8 MV Product/Version
affected:
CGE 7.0 In progress
mysql Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: C API). Supported versions that are affected are 5.5.55 and earlier and 5.6.35 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N). NOTE: the previous information is from the April 2017 CPU. Oracle has not commented on third-party claims that this issue allows man-in-the-middle attackers to hijack the authentication of users by leveraging incorrect ordering of security parameter verification in a client, aka, The Riddle. April 24, 2017, 14:04 pm
CVE-2017-3302
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 In progress
CGX 2.2 In progress
Serious mysql mariadb Crash in libmysqlclient.so in Oracle MySQL before 5.6.21 and 5.7.x before 5.7.5 and MariaDB through 5.5.54, 10.0.x through 10.0.29, 10.1.x through 10.1.21, and 10.2.x through 10.2.3. February 11, 2017, 22:02 pm
CVE-2017-3291
6.3 MV Product/Version
affected:
Normal mysql Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS v3.0 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). January 27, 2017, 16:01 pm
CVE-2017-3273
6.5 MV Product/Version
affected:
Normal mysql Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts). January 27, 2017, 16:01 pm
CVE-2017-3265
5.6 MV Product/Version
affected:
Normal mysql Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 5.6 (Confidentiality and Availability impacts). January 27, 2017, 16:01 pm
CVE-2017-3258
6.5 MV Product/Version
affected:
Normal mysql Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts). January 27, 2017, 16:01 pm
CVE-2017-3257
6.5 MV Product/Version
affected:
Normal mysql Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts). January 27, 2017, 16:01 pm
CVE-2017-3256
6.5 MV Product/Version
affected:
Normal mysql Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts). January 27, 2017, 16:01 pm
CVE-2017-3251
4.9 MV Product/Version
affected:
Normal mysql Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.16 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.9 (Availability impacts). January 27, 2017, 16:01 pm
CVE-2017-3244
6.5 MV Product/Version
affected:
Normal mysql Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts). January 27, 2017, 16:01 pm
CVE-2017-3243
4.4 MV Product/Version
affected:
Normal mysql Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Charsets). Supported versions that are affected are 5.5.53 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.4 (Availability impacts). January 27, 2017, 16:01 pm
CVE-2017-3238
6.5 MV Product/Version
affected:
Normal mysql Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts). January 27, 2017, 16:01 pm
CVE-2017-3169
9.8 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
Critical apache2 In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_ssl may dereference a NULL pointer when third-party modules call ap_hook_process_connection() during an HTTP request to an HTTPS port. June 19, 2017, 20:06 pm
CVE-2017-3167
9.8 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
Critical apache2 In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed. June 19, 2017, 20:06 pm
CVE-2017-3145
7.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 In progress
CGE 7.0 Resolved
Serious bind ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. August 3, 2018, 10:08 am
CVE-2017-3144
5.3 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 In progress
CGE 7.0 Resolved
Normal dhcp ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. July 2, 2018, 19:07 pm
CVE-2017-3143
7.5 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 In progress
CGX 2.2 Resolved
CGX 1.8 Resolved
Serious bind ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. August 3, 2018, 10:08 am
CVE-2017-3142
5.3 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 In progress
CGX 2.2 Resolved
Normal bind ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. July 2, 2018, 19:07 pm
CVE-2017-3141
7.2 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Serious bind ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. May 4, 2018, 17:05 pm
CVE-2017-3140
3.7 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
Low bind ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. June 21, 2018, 01:06 am
CVE-2017-3138
6.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 In progress
CGX 1.8 Resolved
bind ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. July 2, 2018, 19:07 pm
CVE-2017-3137
7.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
bind ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. June 21, 2018, 01:06 am
CVE-2017-3136
5.9 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 1.8 Resolved
CGE 7.0 In progress
bind ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. June 21, 2018, 01:06 am
CVE-2017-3135
7.5 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 In progress
bind ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. July 2, 2018, 19:07 pm
CVE-2017-2885
7.3 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
Serious libsoup ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. August 10, 2017, 16:08 pm
CVE-2017-2870
7.8 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
Serious gdk-pixbuf An exploitable integer overflow vulnerability exists in the tiff_image_parse functionality of Gdk-Pixbuf 2.36.6 when compiled with Clang. A specially crafted tiff file can cause a heap-overflow resulting in remote code execution. An attacker can send a file or a URL to trigger this vulnerability. September 5, 2017, 13:09 pm
CVE-2017-2862
7.8 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
Serious gdk-pixbuf An exploitable heap overflow vulnerability exists in the gdk_pixbuf__jpeg_image_load_increment functionality of Gdk-Pixbuf 2.36.6. A specially crafted jpeg file can cause a heap overflow resulting in remote code execution. An attacker can send a file or URL to trigger this vulnerability. September 5, 2017, 13:09 pm
CVE-2017-2671
5.5 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 1.8 Resolved
Medium kernel The ping_unhash function in net/ipv4/ping.c in the Linux kernel through 4.10.8 is too late in obtaining a certain lock and consequently cannot ensure that disconnect function calls are safe, which allows local users to cause a denial of service (panic) by leveraging access to the protocol value of IPPROTO_ICMP in a socket system call. April 5, 2017, 01:04 am
CVE-2017-2647
7.8 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Serious kernel The KEYS subsystem in the Linux kernel before 3.18 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vectors involving a NULL value for a certain match field, related to the keyring_search_iterator function in keyring.c. March 30, 2017, 23:03 pm
CVE-2017-2636
7.8 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
High kernel Race condition in drivers/tty/n_hdlc.c in the Linux kernel through 4.10.1 allows local users to gain privileges or cause a denial of service (double free) by setting the HDLC line discipline. March 7, 2017, 16:03 pm
CVE-2017-2633
5.5 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
qemu ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. April 12, 2017, 22:04 pm
CVE-2017-2630
6.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
qemu ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. April 12, 2017, 04:04 am
CVE-2017-2629
4.3 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
curl ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. February 23, 2017, 17:02 pm
CVE-2017-2628
9.8 MV Product/Version
affected:
CGX 2.4 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Critical curl curl, as shipped in Red Hat Enterprise Linux 6 before version 7.19.7-53, did not correctly backport the fix for CVE-2015-3148 because it did not reflect the fact that the HAVE_GSSAPI define was meanwhile substituted by USE_HTTP_NEGOTIATE. This issue was introduced in RHEL 6.7 and affects RHEL 6 curl only. March 12, 2018, 10:03 am
CVE-2017-2626
5.2 MV Product/Version
affected:
CGE 7.0 In progress
CGX 2.0 In progress
CGX 1.8 Resolved
libice ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. July 2, 2018, 19:07 pm
CVE-2017-2625
6.5 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
libxdmcp ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. March 2, 2017, 04:03 am
CVE-2017-2624
5.6 MV Product/Version
affected:
x11 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. March 2, 2017, 03:03 am
CVE-2017-2620
7.3 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGE 7.0 Resolved
qemu ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. April 12, 2017, 22:04 pm
CVE-2017-2619
7.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGE 7.0 Resolved
Serious samba Samba before versions 4.6.1, 4.5.7 and 4.4.11 are vulnerable to a malicious client using a symlink race to allow access to areas of the server file system not exported under the share definition. March 12, 2018, 10:03 am
CVE-2017-2618
5.5 MV Product/Version
affected:
Normal kernel A flaw was found in the Linux kernel's handling of clearing SELinux attributes on /proc/pid/attr files before 4.9.10. An empty (null) write to this file can crash the system by causing the system to attempt to access unmapped kernel memory. July 27, 2018, 14:07 pm
CVE-2017-2616
5.5 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 In progress
CGX 1.8 Resolved
util-linux ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. July 2, 2018, 19:07 pm
CVE-2017-2615
7.3 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGE 7.0 Resolved
qemu ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. April 12, 2017, 22:04 pm
CVE-2017-2596
6.5 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Medium kernel The nested_vmx_check_vmptr function in arch/x86/kvm/vmx.c in the Linux kernel through 4.9.8 improperly emulates the VMXON instruction, which allows KVM L1 guest OS users to cause a denial of service (host OS memory consumption) by leveraging the mishandling of page references. February 6, 2017, 00:02 am
CVE-2017-2584
5.2 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 Resolved
kernel arch/x86/kvm/emulate.c in the Linux kernel through 4.9.3 allows local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free) via a crafted application that leverages instruction emulation for fxrstor, fxsave, sgdt, and sidt. January 14, 2017, 20:01 pm
CVE-2017-2583
4.9 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
kernel The load_segment_descriptor implementation in arch/x86/kvm/emulate.c in the Linux kernel before 4.9.5 improperly emulates a MOV SS, NULL selector instruction, which allows guest OS users to cause a denial of service (guest OS crash) or gain guest OS privileges via a crafted application. February 6, 2017, 00:02 am
CVE-2017-2193
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
Serious postgresql Untrusted search path vulnerability in the installer of Tera Term 4.94 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. June 9, 2017, 11:06 am
CVE-2017-18344
4.9 MV Product/Version
affected:
Normal kernel The timer_create syscall implementation in kernel/time/posix-timers.c in the Linux kernel before 4.14.8 doesn't properly validate the sigevent->sigev_notify field, which leads to out-of-bounds access in the show_timer function (called when /proc/$PID/timers is read). This allows userspace applications to read arbitrary kernel memory (on a kernel built with CONFIG_POSIX_TIMERS and CONFIG_CHECKPOINT_RESTORE). July 26, 2018, 14:07 pm
CVE-2017-18270
7.3 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 In progress
CGX 2.0 In progress
CGE 7.0 Resolved
Serious kernel In the Linux kernel before 4.13.5, a local user could create keyrings for other users via keyctl commands, setting unwanted defaults or causing a denial of service. May 18, 2018, 11:05 am
CVE-2017-18269
8.7 MV Product/Version
affected:
CGX 2.4 In progress
CGX 2.2 In progress
CGX 2.0 In progress
CGE 7.0 Resolved
Serious glibc An SSE2-optimized memmove implementation for i386 in sysdeps/i386/i686/multiarch/memcpy-sse2-unaligned.S in the GNU C Library (aka glibc or libc6) 2.21 through 2.27 does not correctly perform the overlapping memory check if the source memory range spans the middle of the address space, resulting in corrupt data being produced by the copy operation. This may disclose information to context-dependent attackers, or result in a denial of service, or, possibly, code execution. May 18, 2018, 11:05 am
CVE-2017-18266
7.5 MV Product/Version
affected:
CGX 2.4 Resolved
CGE 7.0 Resolved
CGX 2.2 In progress
CGX 2.0 In progress
Serious xdg-utils The open_envvar function in xdg-open in xdg-utils before 1.1.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by %s in this environment variable. May 10, 2018, 09:05 am
CVE-2017-18261
5.5 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
Normal kernel The arch_timer_reg_read_stable macro in arch/arm64/include/asm/arch_timer.h in the Linux kernel before 4.13 allows local users to cause a denial of service (infinite recursion) by writing to a file under /sys/kernel/debug in certain circumstances, as demonstrated by a scenario involving debugfs, ftrace, PREEMPT_TRACER, and FUNCTION_GRAPH_TRACER. April 19, 2018, 03:04 am
CVE-2017-18258
5.7 MV Product/Version
affected:
CGX 2.2 In progress
CGX 2.4 In progress
CGX 2.0 In progress
CGE 7.0 Resolved
Normal libxml2 The xz_head function in xzlib.c in libxml2 before 2.9.6 allows remote attackers to cause a denial of service (memory consumption) via a crafted LZMA file, because the decoder functionality does not restrict memory usage to what is required for a legitimate file. April 8, 2018, 12:04 pm
CVE-2017-18257
5.5 MV Product/Version
affected:
CGX 2.0 In progress
CGX 2.2 Resolved
CGX 2.0 In progress
CGE 7.0 Resolved
Normal kernel The __get_data_block function in fs/f2fs/data.c in the Linux kernel before 4.11 allows local users to cause a denial of service (integer overflow and loop) via crafted use of the open and fallocate system calls with an FS_IOC_FIEMAP ioctl. April 4, 2018, 12:04 pm
CVE-2017-18255
7.8 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Serious kernel The perf_cpu_time_max_percent_handler function in kernel/events/core.c in the Linux kernel before 4.11 allows local users to cause a denial of service (integer overflow) or possibly have unspecified other impact via a large value, as demonstrated by an incorrect sample-rate calculation. March 31, 2018, 12:03 pm
CVE-2017-18249
7.0 MV Product/Version
affected:
CGX 2.2 In progress
CGX 2.0 In progress
CGX 2.0 In progress
CGE 7.0 In progress
Serious kernel The add_free_nid function in fs/f2fs/node.c in the Linux kernel before 4.12 does not properly track an allocated nid, which allows local users to cause a denial of service (race condition) or possibly have unspecified other impact via concurrent threads. March 26, 2018, 15:03 pm
CVE-2017-18248
5.3 MV Product/Version
affected:
CGX 2.2 In progress
CGX 2.0 In progress
CGE 7.0 Resolved
CGE 7.0 In progress
Normal cups The add_job function in scheduler/ipp.c in CUPS before 2.2.6, when D-Bus support is enabled, can be crashed by remote attackers by sending print jobs with an invalid username, related to a D-Bus notification. March 26, 2018, 12:03 pm
CVE-2017-18241
5.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 In progress
CGX 2.0 In progress
CGE 7.0 Resolved
Normal kernel fs/f2fs/segment.c in the Linux kernel before 4.13 allows local users to cause a denial of service (NULL pointer dereference and panic) by using a noflush_merge option that triggers a NULL value for a flush_cmd_control data structure. March 21, 2018, 11:03 am
CVE-2017-18232
5.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Normal kernel The Serial Attached SCSI (SAS) implementation in the Linux kernel through 4.15.9 mishandles a mutex within libsas, which allows local users to cause a denial of service (deadlock) by triggering certain error-handling code. March 14, 2018, 23:03 pm
CVE-2017-18224
4.7 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 In progress
CGX 2.0 In progress
CGE 7.0 Resolved
Normal kernel In the Linux kernel before 4.15, fs/ocfs2/aops.c omits use of a semaphore and consequently has a race condition for access to the extent tree during read operations in DIRECT mode, which allows local users to cause a denial of service (BUG) by modifying a certain e_cpos field. March 11, 2018, 22:03 pm
CVE-2017-18222
7.8 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Serious kernel In the Linux kernel before 4.12, Hisilicon Network Subsystem (HNS) does not consider the ETH_SS_PRIV_FLAGS case when retrieving sset_count data, which allows local users to cause a denial of service (buffer overflow and memory corruption) or possibly have unspecified other impact, as demonstrated by incompatibility between hns_get_sset_count and ethtool_get_strings. March 8, 2018, 08:03 am
CVE-2017-18221
5.5 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
Normal kernel The __munlock_pagevec function in mm/mlock.c in the Linux kernel before 4.11.4 allows local users to cause a denial of service (NR_MLOCK accounting corruption) via crafted use of mlockall and munlockall system calls. March 7, 2018, 02:03 am
CVE-2017-18218
7.8 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Serious kernel In drivers/net/ethernet/hisilicon/hns/hns_enet.c in the Linux kernel before 4.13, local users can cause a denial of service (use-after-free and BUG) or possibly have unspecified other impact by leveraging differences in skb handling between hns_nic_net_xmit_hw and hns_nic_net_xmit. March 5, 2018, 14:03 pm
CVE-2017-18216
5.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGE 7.0 In progress
Normal kernel In fs/ocfs2/cluster/nodemanager.c in the Linux kernel before 4.15, local users can cause a denial of service (NULL pointer dereference and BUG) because a required mutex is not used. March 5, 2018, 12:03 pm
CVE-2017-18208
5.5 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
Normal kernel The madvise_willneed function in mm/madvise.c in the Linux kernel before 4.14.4 allows local users to cause a denial of service (infinite loop) by triggering use of MADVISE_WILLNEED for a DAX mapping. February 28, 2018, 23:02 pm
CVE-2017-18204
5.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Normal kernel The ocfs2_setattr function in fs/ocfs2/file.c in the Linux kernel before 4.14.2 allows local users to cause a denial of service (deadlock) via DIO requests. February 27, 2018, 14:02 pm
CVE-2017-18203
4.7 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Normal kernel The dm_get_from_kobject function in drivers/md/dm.c in the Linux kernel before 4.14.3 allows local users to cause a denial of service (BUG) by leveraging a race condition with __dm_destroy during creation and removal of DM devices. February 27, 2018, 14:02 pm
CVE-2017-18202
9.8 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Critical kernel The __oom_reap_task_mm function in mm/oom_kill.c in the Linux kernel before 4.14.4 mishandles gather operations, which allows attackers to cause a denial of service (TLB entry leak or use-after-free) or possibly have unspecified other impact by triggering a copy_to_user call within a certain time window. February 27, 2018, 00:02 am
CVE-2017-18200
5.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Normal kernel The f2fs implementation in the Linux kernel before 4.14 mishandles reference counts associated with f2fs_wait_discard_bios calls, which allows local users to cause a denial of service (BUG), as demonstrated by fstrim. February 25, 2018, 21:02 pm
CVE-2017-18193
5.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 In progress
CGX 2.0 In progress
CGE 7.0 In progress
Normal kernel fs/f2fs/extent_cache.c in the Linux kernel before 4.13 mishandles extent trees, which allows local users to cause a denial of service (BUG) via an application with multiple threads. February 22, 2018, 09:02 am
CVE-2017-18174
9.8 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Critical kernel In the Linux kernel before 4.7, the amd_gpio_remove function in drivers/pinctrl/pinctrl-amd.c calls the pinctrl_unregister function, leading to a double free. February 11, 2018, 12:02 pm
CVE-2017-18079
7.8 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
Serious kernel drivers/input/serio/i8042.c in the Linux kernel before 4.12.4 allows attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact because the port->exists value can change after it is validated. January 28, 2018, 23:01 pm
CVE-2017-18078
6.7 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 In progress
Normal systemd systemd-tmpfiles in systemd before 237 attempts to support ownership/permission changes on hardlinked files even if the fs.protected_hardlinks sysctl is turned off, which allows local users to bypass intended access restrictions via vectors involving a hard link to a file for which the user lacks write access, as demonstrated by changing the ownership of the /etc/passwd file. January 28, 2018, 23:01 pm
CVE-2017-18075
7.8 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
CGE 7.0 Resolved
Serious kernel crypto/pcrypt.c in the Linux kernel before 4.14.13 mishandles freeing instances, allowing a local user able to access the AF_ALG-based AEAD interface (CONFIG_CRYPTO_USER_API_AEAD) and pcrypt (CONFIG_CRYPTO_PCRYPT) to cause a denial of service (kfree of an incorrect pointer) or possibly have unspecified other impact by executing a crafted sequence of system calls. January 24, 2018, 04:01 am
CVE-2017-18043
6.5 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 2.4 In progress
CGX 2.2 In progress
Normal qemu Integer overflow in the macro ROUND_UP (n, d) in Quick Emulator (Qemu) allows a user to cause a denial of service (Qemu process crash). January 31, 2018, 14:01 pm
CVE-2017-18030
3.0 MV Product/Version
affected:
CGX 2.4 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Low qemu The cirrus_invalidate_region function in hw/display/cirrus_vga.c in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds array access and QEMU process crash) via vectors related to negative pitch. January 23, 2018, 12:01 pm
CVE-2017-18018
7.9 MV Product/Version
affected:
CGX 2.4 Resolved
CGX 2.2 In progress
CGX 2.0 In progress
CGE 7.0 In progress
Serious coreutils In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file with a symlink during use of the POSIX -R -L options, which allows local users to modify the ownership of arbitrary files by leveraging a race condition. January 3, 2018, 22:01 pm
CVE-2017-18017
7.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Serious kernel The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action. January 3, 2018, 00:01 am
CVE-2017-18013
5.0 MV Product/Version
affected:
CGX 2.2 In progress
CGX 2.0 In progress
CGE 7.0 Resolved
Normal tiff In LibTIFF 4.0.9, there is a Null-Pointer Dereference in the tif_print.c TIFFPrintDirectory function, as demonstrated by a tiffinfo crash. January 1, 2018, 02:01 am
CVE-2017-17997
6.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Normal wireshark In Wireshark before 2.2.12, the MRDISC dissector misuses a NULL pointer and crashes. This was addressed in epan/dissectors/packet-mrdisc.c by validating an IPv4 address. This vulnerability is similar to CVE-2017-9343. December 30, 2017, 01:12 am
CVE-2017-17975
5.5 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 In progress
CGX 2.0 Resolved
CGE 7.0 Resolved
Normal kernel Use-after-free in the usbtv_probe function in drivers/media/usb/usbtv/usbtv-core.c in the Linux kernel through 4.14.10 allows attackers to cause a denial of service (system crash) or possibly have unspecified other impact by triggering failure of audio registration, because a kfree of the usbtv data structure occurs during a usbtv_video_free call, but the usbtv_video_fail label's code attempts to both access and free this data structure. December 29, 2017, 19:12 pm
CVE-2017-17935
7.5 MV Product/Version
affected:
CGX 2.2 In progress
CGX 2.0 Resolved
CGE 7.0 Resolved
Serious wireshark The File_read_line function in epan/wslua/wslua_file.c in Wireshark through 2.2.11 does not properly strip characters, which allows remote attackers to cause a denial of service (buffer underflow and application crash) via a crafted packet that triggers the attempted processing of an empty line. December 27, 2017, 11:12 am
CVE-2017-17864
4.7 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
Normal kernel kernel/bpf/verifier.c in the Linux kernel through 4.14.8 mishandles states_equal comparisons between the pointer data type and the UNKNOWN_VALUE data type, which allows local users to obtain potentially sensitive address information, aka a pointer leak. December 27, 2017, 11:12 am
CVE-2017-17863
4.7 MV Product/Version
affected:
CGX 2.2 In progress
CGX 2.0 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Normal kernel kernel/bpf/verifier.c in the Linux kernel 4.9.x through 4.9.71 does not check the relationship between pointer values and the BPF stack, which allows local users to cause a denial of service (integer overflow or invalid memory access) or possibly have unspecified other impact. December 27, 2017, 11:12 am
CVE-2017-17862
4.7 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 2.0 In progress
CGE 7.0 Resolved
Normal kernel kernel/bpf/verifier.c in the Linux kernel through 4.14.8 ignores unreachable code, even though it would still be processed by JIT compilers. This behavior, also considered an improper branch-pruning logic issue, could possibly be used by local users for denial of service. December 27, 2017, 11:12 am
CVE-2017-17857
7.8 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
CGE 7.0 Resolved
Serious kernel The check_stack_boundary function in kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging mishandling of invalid variable stack read operations. December 27, 2017, 11:12 am
CVE-2017-17856
7.8 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Serious kernel kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging the lack of stack-pointer alignment enforcement. December 27, 2017, 11:12 am
CVE-2017-17855
7.8 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Serious kernel kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging improper use of pointers in place of scalars. December 27, 2017, 11:12 am
CVE-2017-17854
7.8 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Serious kernel kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (integer overflow and memory corruption) or possibly have unspecified other impact by leveraging unrestricted integer values for pointer arithmetic. December 27, 2017, 11:12 am
CVE-2017-17853
7.8 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Serious kernel kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging incorrect BPF_RSH signed bounds calculations. December 27, 2017, 11:12 am
CVE-2017-17852
7.8 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Serious kernel kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging mishandling of 32-bit ALU ops. December 27, 2017, 11:12 am
CVE-2017-17840
4.3 MV Product/Version
affected:
CGX 2.2 In progress
CGX 2.0 In progress
Normal iscsi-initiator-utils An issue was discovered in Open-iSCSI through 2.0.875. A local attacker can cause the iscsiuio server to abort or potentially execute code by sending messages with incorrect lengths, which (due to lack of checking) can lead to buffer overflows, and result in aborts (with overflow checking enabled) or code execution. The process_iscsid_broadcast function in iscsiuio/src/unix/iscsid_ipc.c does not validate the payload length before a write operation. December 27, 2017, 11:12 am
CVE-2017-17807
3.3 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Low kernel The KEYS subsystem in the Linux kernel before 4.14.6 omitted an access-control check when adding a key to the current task's default request-key keyring via the request_key() system call, allowing a local user to use a sequence of crafted system calls to add keys to a keyring with only Search permission (not Write permission) to that keyring, related to construct_get_dest_keyring() in security/keys/request_key.c. December 20, 2017, 17:12 pm
CVE-2017-17806
7.8 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
Serious kernel The HMAC implementation (crypto/hmac.c) in the Linux kernel before 4.14.8 does not validate that the underlying cryptographic hash algorithm is unkeyed, allowing a local attacker able to use the AF_ALG-based hash interface (CONFIG_CRYPTO_USER_API_HASH) and the SHA-3 hash algorithm (CONFIG_CRYPTO_SHA3) to cause a kernel stack buffer overflow by executing a crafted sequence of system calls that encounter a missing SHA-3 initialization. December 20, 2017, 17:12 pm
CVE-2017-17805
7.8 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Serious kernel The Salsa20 encryption algorithm in the Linux kernel before 4.14.8 does not correctly handle zero-length inputs, allowing a local attacker able to use the AF_ALG-based skcipher interface (CONFIG_CRYPTO_USER_API_SKCIPHER) to cause a denial of service (uninitialized-memory free and kernel crash) or have unspecified other impact by executing a crafted sequence of system calls that use the blkcipher_walk API. Both the generic implementation (crypto/salsa20_generic.c) and x86 implementation (arch/x86/crypto/salsa20_glue.c) of Salsa20 were vulnerable. December 20, 2017, 17:12 pm
CVE-2017-17790
9.8 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Critical ruby The lazy_initialize function in lib/resolv.rb in Ruby through 2.4.3 uses Kernel#open, which might allow Command Injection attacks, as demonstrated by a Resolv::Hosts::new argument beginning with a | character, a different vulnerability than CVE-2017-17405. NOTE: situations with untrusted input may be highly unlikely. December 20, 2017, 03:12 am
CVE-2017-17742
5.3 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 In progress
CGE 7.0 Resolved
Normal ruby Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 allows an HTTP Response Splitting attack. An attacker can inject a crafted key and value into an HTTP response for the HTTP server of WEBrick. April 3, 2018, 17:04 pm
CVE-2017-17741
4.1 MV Product/Version
affected:
CGE 7.0 In progress
CGX 2.2 Resolved
CGX 2.0 In progress
CGX 2.0 Resolved
CGX 1.8 Resolved
Normal kernel The KVM implementation in the Linux kernel through 4.14.7 allows attackers to obtain potentially sensitive information from kernel memory, aka a write_mmio stack-based out-of-bounds read, related to arch/x86/kvm/x86.c and include/trace/events/kvm.h. December 18, 2017, 02:12 am
CVE-2017-17740
7.5 MV Product/Version
affected:
CGX 2.2 In progress
CGX 2.0 In progress
CGE 7.0 In progress
Serious openldap contrib/slapd-modules/nops/nops.c in OpenLDAP through 2.4.45, when both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service (slapd crash) via a member MODDN operation. December 18, 2017, 00:12 am
CVE-2017-17712
8.6 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Serious kernel The raw_sendmsg() function in net/ipv4/raw.c in the Linux kernel through 4.14.6 has a race condition in inet->hdrincl that leads to uninitialized stack pointer usage; this allows a local user to execute code and gain privileges. December 15, 2017, 19:12 pm
CVE-2017-17558
6.4 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Normal kernel The usb_destroy_configuration function in drivers/usb/core/config.c in the USB core subsystem in the Linux kernel through 4.14.5 does not consider the maximum number of configurations and interfaces before attempting to release resources, which allows local users to cause a denial of service (out-of-bounds write access) or possibly have unspecified other impact via a crafted USB device. December 12, 2017, 09:12 am
CVE-2017-17522
8.8 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.4 Resolved
CGX 2.2 Resolved
CGX 2.0 In progress
Serious python ** DISPUTED ** Lib/webbrowser.py in Python through 3.6.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a software maintainer indicates that exploitation is impossible because the code relies on subprocess.Popen and the default shell=False setting. December 14, 2017, 10:12 am
CVE-2017-17457
6.5 MV Product/Version
affected:
CGX 2.4 In progress
CGX 2.2 In progress
CGX 2.0 In progress
CGE 7.0 In progress
Normal libsndfile The function d2ulaw_array() in ulaw.c of libsndfile 1.0.29pre1 may lead to a remote DoS attack (SEGV on unknown address 0x000000000000), a different vulnerability than CVE-2017-14246. December 7, 2017, 02:12 am
CVE-2017-17456
6.5 MV Product/Version
affected:
CGX 2.4 In progress
CGX 2.2 In progress
CGX 2.0 In progress
CGE 7.0 In progress
Normal libsndfile The function d2alaw_array() in alaw.c of libsndfile 1.0.29pre1 may lead to a remote DoS attack (SEGV on unknown address 0x000000000000), a different vulnerability than CVE-2017-14245. December 7, 2017, 02:12 am
CVE-2017-17450
7.8 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Serious kernel net/netfilter/xt_osf.c in the Linux kernel through 4.14.4 does not require the CAP_NET_ADMIN capability for add_callback and remove_callback operations, which allows local users to bypass intended access restrictions because the xt_osf_fingers data structure is shared across all net namespaces. December 6, 2017, 18:12 pm
CVE-2017-17449
4.7 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 In progress
CGX 2.2 Resolved
CGX 2.0 Resolved
Normal kernel The __netlink_deliver_tap_skb function in net/netlink/af_netlink.c in the Linux kernel through 4.14.4, when CONFIG_NLMON is enabled, does not restrict observations of Netlink messages to a single net namespace, which allows local users to obtain sensitive information by leveraging the CAP_NET_ADMIN capability to sniff an nlmon interface for all Netlink activity on the system. December 6, 2017, 18:12 pm
CVE-2017-17448
7.8 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Serious kernel net/netfilter/nfnetlink_cthelper.c in the Linux kernel through 4.14.4 does not require the CAP_NET_ADMIN capability for new, get, and del operations, which allows local users to bypass intended access restrictions because the nfnl_cthelper_list data structure is shared across all net namespaces. December 6, 2017, 18:12 pm
CVE-2017-17434
9.8 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 2.4 Resolved
CGX 2.2 Resolved
Critical rsync The daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, does not check for fnamecmp filenames in the daemon_filter_list data structure (in the recv_files function in receiver.c) and also does not apply the sanitize_paths protection mechanism to pathnames found in "xname follows" strings (in the read_ndx_and_attrs function in rsync.c), which allows remote attackers to bypass intended access restrictions. December 5, 2017, 21:12 pm
CVE-2017-17433
9.8 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGX 2.4 Resolved
Critical rsync The recv_files function in receiver.c in the daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, proceeds with certain file metadata updates before checking for a filename in the daemon_filter_list data structure, which allows remote attackers to bypass intended access restrictions. December 5, 2017, 21:12 pm
CVE-2017-17426
8.1 MV Product/Version
affected:
CGX 2.4 Resolved
CGX 2.2 In progress
CGX 2.0 Resolved
CGE 7.0 Resolved
Serious glibc The malloc function in the GNU C Library (aka glibc or libc6) 2.26 could return a memory block that is too small if an attempt is made to allocate an object whose size is close to SIZE_MAX, potentially leading to a subsequent heap overflow. This occurs because the per-thread cache (aka tcache) feature enables a code path that lacks an integer overflow check. December 5, 2017, 11:12 am
CVE-2017-17405
8.8 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 In progress
Serious ruby Ruby before 2.4.3 allows Net::FTP command injection. Net::FTP#get, getbinaryfile, gettextfile, put, putbinaryfile, and puttextfile use Kernel#open to open a local file. If the localfile argument starts with the | pipe character, the command following the pipe character is executed. The default value of localfile is File.basename(remotefile), so malicious FTP servers could cause arbitrary command execution. December 15, 2017, 03:12 am
CVE-2017-17381
3.4 MV Product/Version
affected:
CGX 2.4 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Low qemu The Virtio Vring implementation in QEMU allows local OS guest users to cause a denial of service (divide-by-zero error and QEMU process crash) by unsetting vring alignment while updating Virtio rings. December 6, 2017, 20:12 pm
CVE-2017-17126
7.8 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.4 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
Serious binutils The load_debug_section function in readelf.c in GNU Binutils 2.29.1 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via an ELF file that lacks section headers. December 4, 2017, 02:12 am
CVE-2017-17125
7.8 MV Product/Version
affected:
CGX 2.4 In progress
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Serious binutils nm.c and objdump.c in GNU Binutils 2.29.1 mishandle certain global symbols, which allows remote attackers to cause a denial of service (_bfd_elf_get_symbol_version_string buffer over-read and application crash) or possibly have unspecified other impact via a crafted ELF file. December 4, 2017, 02:12 am
CVE-2017-17124
7.8 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.4 In progress
CGX 2.2 Resolved
CGX 2.0 Resolved
Serious binutils The _bfd_coff_read_string_table function in coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not properly validate the size of the external string table, which allows remote attackers to cause a denial of service (excessive memory consumption, or heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted COFF binary. December 4, 2017, 02:12 am
CVE-2017-17123
5.5 MV Product/Version
affected:
CGX 2.4 In progress
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Normal binutils The coff_slurp_reloc_table function in coffcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted COFF based file. December 4, 2017, 02:12 am
CVE-2017-17122
7.8 MV Product/Version
affected:
CGX 2.2 Resolved
CGE 7.0 Resolved
CGX 2.4 In progress
CGX 2.0 Resolved
Serious binutils The dump_relocs_in_section function in objdump.c in GNU Binutils 2.29.1 does not check for reloc count integer overflows, which allows remote attackers to cause a denial of service (excessive memory allocation, or heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted PE file. December 4, 2017, 02:12 am
CVE-2017-17121
7.8 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.4 In progress
CGX 2.0 Resolved
CGE 7.0 Resolved
Serious binutils The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (memory access violation) or possibly have unspecified other impact via a COFF binary in which a relocation refers to a location after the end of the to-be-relocated section. December 4, 2017, 02:12 am
CVE-2017-17095
6.5 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.0 In progress
CGX 2.2 In progress
Normal tiff tools/pal2rgb.c in pal2rgb in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (TIFFSetupStrips heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file. December 2, 2017, 00:12 am
CVE-2017-17087
5.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 In progress
CGE 7.0 Resolved
Normal vim fileio.c in Vim prior to 8.0.1263 sets the group ownership of a .swp file to the editor's primary group (which may be different from the group ownership of the original file), which allows local users to obtain sensitive information by leveraging an applicable group membership, as demonstrated by /etc/shadow owned by root:shadow mode 0640, but /etc/.shadow.swp owned by root:users mode 0640, a different vulnerability than CVE-2017-1000382. December 1, 2017, 02:12 am
CVE-2017-17085
7.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
Serious wireshark In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the CIP Safety dissector could crash. This was addressed in epan/dissectors/packet-cipsafety.c by validating the packet length. December 1, 2017, 02:12 am
CVE-2017-17084
7.5 MV Product/Version
affected:
CGX 1.8 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Serious wireshark In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the IWARP_MPA dissector could crash. This was addressed in epan/dissectors/packet-iwarp-mpa.c by validating a ULPDU length. December 1, 2017, 02:12 am
CVE-2017-17083
7.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Serious wireshark In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the NetBIOS dissector could crash. This was addressed in epan/dissectors/packet-netbios.c by ensuring that write operations are bounded by the beginning of a buffer. December 1, 2017, 02:12 am
CVE-2017-17080
5.5 MV Product/Version
affected:
CGX 2.4 In progress
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Normal binutils elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate sizes of core notes, which allows remote attackers to cause a denial of service (bfd_getl32 heap-based buffer over-read and application crash) via a crafted object file, related to elfcore_grok_netbsd_procinfo, elfcore_grok_openbsd_procinfo, and elfcore_grok_nto_status. November 30, 2017, 15:11 pm
CVE-2017-17053
7.0 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Serious kernel The init_new_context function in arch/x86/include/asm/mmu_context.h in the Linux kernel before 4.12.10 does not correctly handle errors from LDT table allocation when forking a new process, allowing a local attacker to achieve a use-after-free or possibly have unspecified other impact by running a specially crafted program. This vulnerability only affected kernels built with CONFIG_MODIFY_LDT_SYSCALL=y. November 28, 2017, 21:11 pm
CVE-2017-17052
7.8 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Serious kernel The mm_init function in kernel/fork.c in the Linux kernel before 4.12.10 does not clear the ->exe_file member of a new process's mm_struct, allowing a local attacker to achieve a use-after-free or possibly have unspecified other impact by running a specially crafted program. November 28, 2017, 21:11 pm
CVE-2017-16997
7.8 MV Product/Version
affected:
CGX 2.2 In progress
CGX 2.4 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Serious glibc elf/dl-load.c in the GNU C Library (aka glibc or libc6) 2.19 through 2.26 mishandles RPATH and RUNPATH containing $ORIGIN for a privileged (setuid or AT_SECURE) program, which allows local users to gain privileges via a Trojan horse library in the current working directory, related to the fillin_rpath and decompose_rpath functions. This is associated with misinterpretation of an empty RPATH/RUNPATH token as the ./ directory. NOTE: this configuration of RPATH/RUNPATH for a privileged program is apparently very uncommon; most likely, no such program is shipped with any common Linux distribution. December 17, 2017, 19:12 pm
CVE-2017-16996
7.7 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
Serious kernel kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging register truncation mishandling. December 27, 2017, 11:12 am
CVE-2017-16995
7.7 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Serious kernel The check_alu_op function in kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging incorrect sign extension. December 27, 2017, 11:12 am
CVE-2017-16994
3.1 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
Low kernel The walk_hugetlb_range function in mm/pagewalk.c in the Linux kernel before 4.14.2 mishandles holes in hugetlb ranges, which allows local users to obtain sensitive information from uninitialized kernel memory via crafted use of the mincore() system call. November 27, 2017, 13:11 pm
CVE-2017-16942
6.5 MV Product/Version
affected:
CGX 2.4 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 In progress
Normal libsndfile In libsndfile 1.0.25 (fixed in 1.0.26), a divide-by-zero error exists in the function wav_w64_read_fmt_chunk() in wav_w64.c, which may lead to DoS when playing a crafted audio file. November 25, 2017, 11:11 am
CVE-2017-16939
8.1 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.2 Resolved
Serious kernel The XFRM dump policy implementation in net/xfrm/xfrm_user.c in the Linux kernel before 4.13.11 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted SO_RCVBUF setsockopt system call in conjunction with XFRM_MSG_GETPOLICY Netlink messages. November 24, 2017, 04:11 am
CVE-2017-16932
7.5 MV Product/Version
affected:
CGX 2.4 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Serious libxml2 parser.c in libxml2 before 2.9.5 does not prevent infinite recursion in parameter entities. November 23, 2017, 15:11 pm
CVE-2017-16931
9.8 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.4 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
Critical libxml2 parser.c in libxml2 before 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReference function in the case of a % character in a DTD name. November 23, 2017, 15:11 pm
CVE-2017-16914
7.5 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
Serious kernel The stub_send_ret_submit() function (drivers/usb/usbip/stub_tx.c) in the Linux Kernel before version 4.14.8, 4.9.71, 4.1.49, and 4.4.107 allows attackers to cause a denial of service (NULL pointer dereference) via a specially crafted USB over IP packet. January 31, 2018, 16:01 pm
CVE-2017-16913
7.5 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Serious kernel The stub_recv_cmd_submit() function (drivers/usb/usbip/stub_rx.c) in the Linux Kernel before version 4.14.8, 4.9.71, and 4.4.114 when handling CMD_SUBMIT packets allows attackers to cause a denial of service (arbitrary memory allocation) via a specially crafted USB over IP packet. January 31, 2018, 16:01 pm
CVE-2017-16912
7.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Serious kernel The get_pipe() function (drivers/usb/usbip/stub_rx.c) in the Linux Kernel before version 4.14.8, 4.9.71, and 4.4.114 allows attackers to cause a denial of service (out-of-bounds read) via a specially crafted USB over IP packet. January 31, 2018, 16:01 pm
CVE-2017-16911
5.5 MV Product/Version
affected:
CGE 7.0 In progress
CGX 2.2 Resolved
CGX 2.0 In progress
CGX 2.0 In progress
Normal kernel The vhci_hcd driver in the Linux Kernel before version 4.14.8 and 4.4.114 allows local attackers to disclose kernel memory addresses. Successful exploitation requires that a USB device is attached over IP. January 31, 2018, 16:01 pm
CVE-2017-16879
7.8 MV Product/Version
affected:
CGX 2.4 Resolved
CGX 2.2 In progress
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Serious ncurses Stack-based buffer overflow in the _nc_write_entry function in tinfo/write_entry.c in ncurses 6.0 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted terminfo file, as demonstrated by tic. November 22, 2017, 16:11 pm
CVE-2017-16845
3.3 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
Low qemu hw/input/ps2.c in Qemu does not validate rptr and count values during guest migration, leading to out-of-bounds access. November 17, 2017, 14:11 pm
CVE-2017-16832
7.8 MV Product/Version
affected:
CGX 2.4 In progress
CGX 2.2 In progress
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
MVL6 Toolchain 4.4 Resolved
Serious binutils The pe_bfd_read_buildid function in peicode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate size and offset values in the data dictionary, which allows remote attackers to cause a denial of service (segmentation violation and application crash) or possibly have unspecified other impact via a crafted PE file. November 15, 2017, 02:11 am
CVE-2017-16831
7.8 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.4 In progress
CGX 2.2 In progress
CGX 2.0 Resolved
CGX 1.8 Resolved
MVL6 Toolchain 4.4 Resolved
Serious binutils coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate the symbol count, which allows remote attackers to cause a denial of service (integer overflow and application crash, or excessive memory allocation) or possibly have unspecified other impact via a crafted PE file. November 15, 2017, 02:11 am
CVE-2017-16830
7.8 MV Product/Version
affected:
CGX 2.2 In progress
CGE 7.0 Resolved
CGX 2.4 In progress
CGX 2.0 Resolved
CGX 1.8 Resolved
MVL6 Toolchain 4.4 Resolved
Serious binutils The print_gnu_property_note function in readelf.c in GNU Binutils 2.29.1 does not have integer-overflow protection on 32-bit platforms, which allows remote attackers to cause a denial of service (segmentation violation and application crash) or possibly have unspecified other impact via a crafted ELF file. November 15, 2017, 02:11 am
CVE-2017-16829
7.8 MV Product/Version
affected:
MVL6 Toolchain 4.4 Resolved
CGX 2.4 In progress
CGX 2.2 In progress
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Serious binutils The _bfd_elf_parse_gnu_properties function in elf-properties.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not prevent negative pointers, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via a crafted ELF file. November 15, 2017, 02:11 am
CVE-2017-16828
7.8 MV Product/Version
affected:
MVL6 Toolchain 4.4 Resolved
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.4 In progress
CGX 2.2 Resolved
CGX 2.0 Resolved
Serious binutils The display_debug_frames function in dwarf.c in GNU Binutils 2.29.1 allows remote attackers to cause a denial of service (integer overflow and heap-based buffer over-read, and application crash) or possibly have unspecified other impact via a crafted ELF file, related to print_debug_frame. November 15, 2017, 02:11 am
CVE-2017-16827
7.8 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.4 In progress
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
MVL6 Toolchain 4.4 Resolved
Serious binutils The aout_get_external_symbols function in aoutx.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (slurp_symtab invalid free and application crash) or possibly have unspecified other impact via a crafted ELF file. November 15, 2017, 02:11 am
CVE-2017-16826
7.8 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 In progress
CGX 2.4 In progress
CGX 1.8 Resolved
CGE 7.0 Resolved
MVL6 Toolchain 4.4 Resolved
Serious binutils The coff_slurp_line_table function in coffcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via a crafted PE file. November 15, 2017, 02:11 am
CVE-2017-16808
5.5 MV Product/Version
affected:
CGE 7.0 In progress
CGX 2.2 In progress
CGX 2.0 In progress
Normal tcpdump tcpdump 4.9.2 has a heap-based buffer over-read related to aoe_print in print-aoe.c and lookup_emem in addrtoname.c. November 13, 2017, 15:11 pm
CVE-2017-16650
4.6 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
Normal kernel The qmi_wwan_bind function in drivers/net/usb/qmi_wwan.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (divide-by-zero error and system crash) or possibly have unspecified other impact via a crafted USB device. November 7, 2017, 17:11 pm
CVE-2017-16649
4.6 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
Normal kernel The usbnet_generic_cdc_bind function in drivers/net/usb/cdc_ether.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (divide-by-zero error and system crash) or possibly have unspecified other impact via a crafted USB device. November 7, 2017, 17:11 pm
CVE-2017-16648
4.6 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
Normal kernel The dvb_frontend_free function in drivers/media/dvb-core/dvb_frontend.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device. NOTE: the function was later renamed __dvb_frontend_free. November 7, 2017, 17:11 pm
CVE-2017-16647
4.6 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
Normal kernel drivers/net/usb/asix_devices.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device. November 7, 2017, 17:11 pm
CVE-2017-16646
4.6 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
Normal kernel drivers/media/usb/dvb-usb/dib0700_devices.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (BUG and system crash) or possibly have unspecified other impact via a crafted USB device. November 7, 2017, 17:11 pm
CVE-2017-16645
4.6 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
Normal kernel The ims_pcu_get_cdc_union_desc function in drivers/input/misc/ims-pcu.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (ims_pcu_parse_cdc_data out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device. November 7, 2017, 17:11 pm
CVE-2017-16644
4.6 MV Product/Version
affected:
CGX 2.2 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
Normal kernel The hdpvr_probe function in drivers/media/usb/hdpvr/hdpvr-core.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (improper error handling and system crash) or possibly have unspecified other impact via a crafted USB device. November 7, 2017, 17:11 pm
CVE-2017-16643
4.6 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Normal kernel The parse_hid_report_descriptor function in drivers/input/tablet/gtco.c in the Linux kernel before 4.13.11 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device. November 7, 2017, 17:11 pm
CVE-2017-16642
7.5 MV Product/Version
affected:
Serious php In PHP before 5.6.32, 7.x before 7.0.25, and 7.1.x before 7.1.11, an error in the date extension's timelib_meridian handling of 'front of' and 'back of' directives could be used by attackers able to supply date strings to leak information from the interpreter, related to ext/date/lib/parse_date.c out-of-bounds reads affecting the php_parse_date function. NOTE: this is a different issue than CVE-2017-11145. November 7, 2017, 15:11 pm
CVE-2017-16612
7.5 MV Product/Version
affected:
CGX 2.4 Resolved
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
Serious libxcursor libXcursor before 1.1.15 has various integer overflows that could lead to heap buffer overflows when processing malicious cursors, e.g., with programs like GIMP. It is also possible that an attack vector exists against the related code in cursor/xcursor.c in Wayland through 1.14.0. December 1, 2017, 11:12 am
CVE-2017-16611
4.3 MV Product/Version
affected:
CGX 1.8 Resolved
CGX 2.0 In progress
CGX 2.2 Resolved
CGE 7.0 In progress
Normal libxfont In libXfont before 1.5.4 and libXfont2 before 2.0.3, a local attacker can open (but not read) files on the system as root, triggering tape rewinds, watchdogs, or similar mechanisms that can be triggered by opening files. December 1, 2017, 11:12 am
CVE-2017-16548
9.8 MV Product/Version
affected:
CGX 2.4 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Critical rsync The receive_xattr function in xattrs.c in rsync 3.1.2 and 3.1.3-development does not check for a trailing character in an xattr name, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact by sending crafted data to the daemon. November 5, 2017, 23:11 pm
CVE-2017-16544
8.8 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 In progress
CGX 2.4 Resolved
CGE 7.0 Resolved
CGX 1.8 Resolved
Serious busybox In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2, the tab autocomplete feature of the shell, used to get a list of filenames in a directory, does not sanitize filenames and results in executing any escape sequence in the terminal. This could potentially result in code execution, arbitrary file writes, or other attacks. November 20, 2017, 09:11 am
CVE-2017-16538
4.6 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Normal kernel drivers/media/usb/dvb-usb-v2/lmedm04.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (general protection fault and system crash) or possibly have unspecified other impact via a crafted USB device, related to a missing warm-start check and incorrect attach timing (dm04_lme2510_frontend_attach versus dm04_lme2510_tuner). November 3, 2017, 20:11 pm
CVE-2017-16537
4.6 MV Product/Version
affected:
CGX 2.2 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
Normal kernel The imon_probe function in drivers/media/rc/imon.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device. November 3, 2017, 20:11 pm
CVE-2017-16536
4.6 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 2.2 Resolved
Normal kernel The cx231xx_usb_probe function in drivers/media/usb/cx231xx/cx231xx-cards.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device. November 3, 2017, 20:11 pm
CVE-2017-16535
4.6 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Normal kernel The usb_get_bos_descriptor function in drivers/usb/core/config.c in the Linux kernel before 4.13.10 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device. November 3, 2017, 20:11 pm
CVE-2017-16534
4.6 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
Normal kernel The cdc_parse_cdc_header function in drivers/usb/core/message.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device. November 3, 2017, 20:11 pm
CVE-2017-16533
4.6 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
Normal kernel The usbhid_parse function in drivers/hid/usbhid/hid-core.c in the Linux kernel before 4.13.8 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device. November 3, 2017, 20:11 pm
CVE-2017-16532
4.6 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 2.2 Resolved
Normal kernel The get_endpoints function in drivers/usb/misc/usbtest.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device. November 3, 2017, 20:11 pm
CVE-2017-16531
4.6 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
Normal kernel drivers/usb/core/config.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device, related to the USB_DT_INTERFACE_ASSOCIATION descriptor. November 3, 2017, 20:11 pm
CVE-2017-16530
4.6 MV Product/Version
affected:
CGX 2.2 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
Normal kernel The uas driver in the Linux kernel before 4.13.6 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device, related to drivers/usb/storage/uas-detect.h and drivers/usb/storage/uas.c. November 3, 2017, 20:11 pm
CVE-2017-16529
4.6 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 2.2 Resolved
Normal kernel The snd_usb_create_streams function in sound/usb/card.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device. November 3, 2017, 20:11 pm
CVE-2017-16528
4.6 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGE 7.0 In progress
CGX 2.0 Resolved
Normal kernel sound/core/seq_device.c in the Linux kernel before 4.13.4 allows local users to cause a denial of service (snd_rawmidi_dev_seq_free use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device. November 3, 2017, 20:11 pm
CVE-2017-16527
4.6 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
Normal kernel sound/usb/mixer.c in the Linux kernel before 4.13.8 allows local users to cause a denial of service (snd_usb_mixer_interrupt use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device. November 3, 2017, 20:11 pm
CVE-2017-16526
4.6 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Normal kernel drivers/uwb/uwbd.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service (general protection fault and system crash) or possibly have unspecified other impact via a crafted USB device. November 3, 2017, 20:11 pm
CVE-2017-16525
4.6 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
Normal kernel The usb_serial_console_disconnect function in drivers/usb/serial/console.c in the Linux kernel before 4.13.8 allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device, related to disconnection and failed setup. November 3, 2017, 20:11 pm
CVE-2017-16227
7.5 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
Serious quagga The aspath_put function in bgpd/bgp_aspath.c in Quagga before 1.2.2 allows remote attackers to cause a denial of service (session drop) via BGP UPDATE messages, because AS_PATH size calculation for long paths counts certain bytes twice and consequently constructs an invalid message. October 29, 2017, 15:10 pm
CVE-2017-15996
7.8 MV Product/Version
affected:
MVL6 Toolchain 4.4 Resolved
CGX 2.0 Resolved
CGX 2.4 In progress
CGX 2.2 Resolved
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.2 Resolved
Serious binutils elfcomm.c in readelf in GNU Binutils 2.29 allows remote attackers to cause a denial of service (excessive memory allocation) or possibly have unspecified other impact via a crafted ELF file that triggers a buffer overflow on fuzzed archive header, related to an uninitialized variable, an improper conditional jump, and the get_archive_member_name, process_archive_index_and_symbols, and setup_archive functions. October 29, 2017, 12:10 pm
CVE-2017-15994
9.8 MV Product/Version
affected:
CGX 2.4 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Critical rsync rsync 3.1.3-development before 2017-10-24 mishandles archaic checksums, which makes it easier for remote attackers to bypass intended access restrictions. NOTE: the rsync development branch has significant use beyond the rsync developers, e.g., the code has been copied for use in various GitHub projects. October 29, 2017, 01:10 am
CVE-2017-15951
7.8 MV Product/Version
affected:
CGX 2.2 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
Serious kernel The KEYS subsystem in the Linux kernel before 4.13.10 does not correctly synchronize the actions of updating versus finding a key in the negative state to avoid a race condition, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls. October 27, 2017, 21:10 pm
CVE-2017-15939
5.5 MV Product/Version
affected:
CGX 2.2 Resolved
MVL6 Toolchain 4.4 Resolved
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
CGX 2.4 In progress
Normal binutils dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles NULL files in a .debug_line file table, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file, related to concat_filename. NOTE: this issue is caused by an incomplete fix for CVE-2017-15023. October 27, 2017, 16:10 pm
CVE-2017-15938
7.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGE 7.0 Resolved
MVL6 Toolchain 4.4 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
CGX 2.4 Resolved
Serious binutils dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, miscalculates DW_FORM_ref_addr die refs in the case of a relocatable object file, which allows remote attackers to cause a denial of service (find_abstract_instance_name invalid memory read, segmentation fault, and application crash). October 27, 2017, 16:10 pm
CVE-2017-15908
7.5 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 Resolved
Serious systemd In systemd 223 through 235, a remote DNS server can respond with a custom crafted DNS NSEC resource record to trigger an infinite loop in the dns_packet_read_type_window() function of the systemd-resolved service and cause a DoS of the affected service. October 26, 2017, 09:10 am
CVE-2017-15906
5.3 MV Product/Version
affected:
CGX 2.0 In progress
CGX 2.4 Resolved
CGX 2.2 In progress
CGX 1.8 Resolved
CGE 7.0 Resolved
Normal openssh The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files. October 25, 2017, 22:10 pm
CVE-2017-15874
5.5 MV Product/Version
affected:
CGX 2.4 Resolved
CGX 2.2 In progress
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Normal busybox archival/libarchive/decompress_unlzma.c in BusyBox 1.27.2 has an Integer Underflow that leads to a read access violation. October 24, 2017, 15:10 pm
CVE-2017-15873
5.5 MV Product/Version
affected:
CGX 2.2 In progress
CGX 2.0 In progress
CGX 2.4 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Normal busybox The get_next_block function in archival/libarchive/decompress_bunzip2.c in BusyBox 1.27.2 has an Integer Overflow that may lead to a write access violation. October 24, 2017, 15:10 pm
CVE-2017-15868
7.8 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Serious kernel The bnep_add_connection function in net/bluetooth/bnep/core.c in the Linux kernel before 3.19 does not ensure that an l2cap socket is available, which allows local users to gain privileges via a crafted application. December 5, 2017, 17:12 pm
CVE-2017-15804
9.8 MV Product/Version
affected:
CGX 2.0 Resolved
MVL6 Toolchain 4.4 Resolved
CGX 2.2 Resolved
CGX 1.8 Resolved
Critical glibc The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27 contains a buffer overflow during unescaping of user names with the ~ operator. October 22, 2017, 15:10 pm
CVE-2017-15715
3.7 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Low apache2 In Apache httpd 2.4.0 to 2.4.29, the expression specified in <FilesMatch> could match $ to a newline character in a malicious filename, rather than matching only the end of the filename. This could be exploited in environments where uploads of some files are externally blocked, but only by matching the trailing portion of the filename. March 26, 2018, 10:03 am
CVE-2017-15710
5.9 MV Product/Version
affected:
CGX 2.2 In progress
CGX 2.0 Resolved
CGE 7.0 Resolved
Normal apache2 In Apache httpd 2.0.23 to 2.0.65, 2.2.0 to 2.2.34, and 2.4.0 to 2.4.29, mod_authnz_ldap, if configured with AuthLDAPCharsetConfig, uses the Accept-Language header value to look up the right charset encoding when verifying the user's credentials. If the header value is not present in the charset conversion table, a fallback mechanism is used to truncate it to a two-character value to allow a quick retry (for example, en-US is truncated to en). A header value of less than two characters forces an out-of-bounds write of one NUL byte to a memory location that is not part of the string. In the worst case, quite unlikely, the process would crash, which could be used as a Denial of Service attack. In the more likely case, this memory is already reserved for future use and the issue has no effect at all. March 26, 2018, 10:03 am
CVE-2017-15671
5.9 MV Product/Version
affected:
MVL6 Toolchain 4.4 Resolved
Normal glibc The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27, when invoked with GLOB_TILDE, could skip freeing allocated memory when processing the ~ operator with a long user name, potentially leading to a denial of service (memory leak). October 20, 2017, 12:10 pm
CVE-2017-15670
9.8 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
MVL6 Toolchain 4.4 Resolved
CGX 1.8 Resolved
CGX 2.4 Resolved
Critical glibc The GNU C Library (aka glibc or libc6) before 2.27 contains an off-by-one error leading to a heap-based buffer overflow in the glob function in glob.c, related to the processing of home directories using the ~ operator followed by a long string. October 20, 2017, 12:10 pm
CVE-2017-15649
7.8 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Serious kernel net/packet/af_packet.c in the Linux kernel before 4.13.6 allows local users to gain privileges via crafted system calls that trigger mishandling of packet_fanout data structures, because of a race condition (involving fanout_add and packet_do_bind) that leads to a use-after-free, a different vulnerability than CVE-2017-6346. October 19, 2017, 17:10 pm
CVE-2017-15537
5.5 MV Product/Version
affected:
CGX 1.8 Resolved
CGX 2.2 Resolved
CGX 2.0 In progress
CGX 2.0 In progress
CGE 7.0 In progress
Normal kernel The x86/fpu (Floating Point Unit) subsystem in the Linux kernel before 4.13.5, when a processor supports the xsave feature but not the xsaves feature, does not correctly handle attempts to set reserved bits in the xstate header via the ptrace() or rt_sigreturn() system call, allowing local users to read the FPU registers of other processes on the system, related to arch/x86/kernel/fpu/regset.c and arch/x86/kernel/fpu/signal.c. October 17, 2017, 13:10 pm
CVE-2017-15412
8.8 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.4 In progress
CGX 2.2 Resolved
CGX 2.0 Resolved
Serious libxml2 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. August 9, 2018, 18:08 pm
CVE-2017-15365
8.8 MV Product/Version
affected:
CGX 2.2 In progress
CGX 2.0 In progress
Serious mariadb sql/event_data_objects.cc in MariaDB before 10.1.30 and 10.2.x before 10.2.10 and Percona XtraDB Cluster before 5.6.37-26.21-3 and 5.7.x before 5.7.19-29.22-3 allows remote authenticated users with SQL access to bypass intended access restrictions and replicate data definition language (DDL) statements to cluster nodes by leveraging incorrect ordering of DDL replication and ACL checking. January 25, 2018, 10:01 am
CVE-2017-15306
5.9 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
Normal kernel The kvm_vm_ioctl_check_extension function in arch/powerpc/kvm/powerpc.c in the Linux kernel before 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) via a KVM_CHECK_EXTENSION KVM_CAP_PPC_HTM ioctl call to /dev/kvm. November 6, 2017, 12:11 pm
CVE-2017-15299
5.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 In progress
CGX 2.0 Resolved
Normal kernel The KEYS subsystem in the Linux kernel through 4.13.7 mishandles use of add_key for a key that already exists but is uninstantiated, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted system call. October 14, 2017, 18:10 pm
CVE-2017-15298
5.5 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.4 Resolved
CGX 2.2 In progress
CGX 2.0 In progress
Normal git Git through 2.14.2 mishandles layers of tree objects, which allows remote attackers to cause a denial of service (memory consumption) via a crafted repository, aka a Git bomb. This can also have an impact of disk consumption; however, an affected process typically would not survive its attempt to build the data structure in memory before writing to disk. October 14, 2017, 17:10 pm
CVE-2017-15289
4.4 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
Normal qemu The mode4and5 write functions in hw/display/cirrus_vga.c in Qemu allow local OS guest privileged users to cause a denial of service (out-of-bounds write access and Qemu process crash) via vectors related to dst calculation. October 16, 2017, 13:10 pm
CVE-2017-15286
7.5 MV Product/Version
affected:
CGX 2.4 Resolved
CGX 2.2 In progress
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Serious sqlite SQLite 3.20.1 has a NULL pointer dereference in tableColumnList in shell.c because it fails to consider certain cases where `sqlite3_step(pStmt)==SQLITE_ROW` is false and a data structure is never initialized. October 12, 2017, 03:10 am
CVE-2017-15275
7.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGE 7.0 Resolved
Serious samba Samba before 4.7.3 might allow remote attackers to obtain sensitive information by leveraging failure of the server to clear allocated heap memory. November 27, 2017, 16:11 pm
CVE-2017-15274
5.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Normal kernel security/keys/keyctl.c in the Linux kernel before 4.11.5 does not consider the case of a NULL payload in conjunction with a nonzero length value, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted add_key or keyctl system call, a different vulnerability than CVE-2017-12192. October 11, 2017, 19:10 pm
CVE-2017-15268
3 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
Low qemu Qemu through 2.10.0 allows remote attackers to cause a memory leak by triggering slow data-channel read operations, related to io/channel-websock.c. October 12, 2017, 10:10 am
CVE-2017-15265
7.0 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
Serious kernel Race condition in the ALSA subsystem in the Linux kernel before 4.13.8 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted /dev/snd/seq ioctl calls, related to sound/core/seq/seq_clientmgr.c and sound/core/seq/seq_ports.c. October 16, 2017, 13:10 pm
CVE-2017-15225
5.5 MV Product/Version
affected:
CGX 2.0 Resolved
MVL6 Toolchain 4.4 Resolved
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.2 Resolved
CGX 2.2 Resolved
CGX 2.4 In progress
Normal binutils _bfd_dwarf2_cleanup_debug_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (memory leak) via a crafted ELF file. October 10, 2017, 18:10 pm
CVE-2017-15193
7.5 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Serious wireshark In Wireshark 2.4.0 to 2.4.1 and 2.2.0 to 2.2.9, the MBIM dissector could crash or exhaust system memory. This was addressed in epan/dissectors/packet-mbim.c by changing the memory-allocation approach. October 10, 2017, 16:10 pm
CVE-2017-15192
7.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Serious wireshark In Wireshark 2.4.0 to 2.4.1 and 2.2.0 to 2.2.9, the BT ATT dissector could crash. This was addressed in epan/dissectors/packet-btatt.c by considering a case where not all of the BTATT packets have the same encapsulation level. October 10, 2017, 16:10 pm
CVE-2017-15191
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
Serious wireshark In Wireshark 2.4.0 to 2.4.1, 2.2.0 to 2.2.9, and 2.0.0 to 2.0.15, the DMP dissector could crash. This was addressed in epan/dissectors/packet-dmp.c by validating a string length. October 10, 2017, 16:10 pm
CVE-2017-15190
7.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Serious wireshark In Wireshark 2.4.0 to 2.4.1, the RTSP dissector could crash. This was addressed in epan/dissectors/packet-rtsp.c by correcting the scope of a variable. October 10, 2017, 16:10 pm
CVE-2017-15189
7.5 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
Serious wireshark In Wireshark 2.4.0 to 2.4.1, the DOCSIS dissector could go into an infinite loop. This was addressed in plugins/docsis/packet-docsis.c by adding decrements. October 10, 2017, 16:10 pm
CVE-2017-15129
7.7 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Serious kernel A use-after-free vulnerability was found in network namespaces code affecting the Linux kernel before 4.14.11. The function get_net_ns_by_id() in net/core/net_namespace.c does not check for the net::count value after it has found a peer network in netns_ids idr, which could lead to double free and memory corruption. This vulnerability could allow an unprivileged local user to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although it is thought to be unlikely. January 9, 2018, 13:01 pm
CVE-2017-15128
5.5 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Normal kernel A flaw was found in the hugetlb_mcopy_atomic_pte function in mm/hugetlb.c in the Linux kernel before 4.13.12. A lack of size check could cause a denial of service (BUG). January 14, 2018, 00:01 am
CVE-2017-15127
5.5 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Normal kernel A flaw was found in the hugetlb_mcopy_atomic_pte function in mm/hugetlb.c in the Linux kernel before 4.13. A superfluous implicit page unlock for VM_SHARED hugetlbfs mapping could trigger a local denial of service (BUG). January 14, 2018, 00:01 am
CVE-2017-15126
8.1 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Serious kernel A use-after-free flaw was found in fs/userfaultfd.c in the Linux kernel before 4.13.6. The issue is related to the handling of fork failure when dealing with event messages. Failure to fork correctly can lead to a situation where a fork event will be removed from an already freed list of events with userfaultfd_ctx_put(). January 14, 2018, 00:01 am
CVE-2017-15124
3.5 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.4 Resolved
CGX 2.2 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Low qemu VNC server implementation in Quick Emulator (QEMU) 2.11.0 and older was found to be vulnerable to an unbounded memory allocation issue, as it did not throttle the framebuffer updates sent to its client. If the client did not consume these updates, VNC server allocates growing memory to hold onto this data. A malicious remote VNC client could use this flaw to cause DoS to the server host. January 9, 2018, 15:01 pm
CVE-2017-15119
5.8 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.2 Resolved
CGX 2.4 Resolved
CGX 2.0 Resolved
Normal qemu The Network Block Device (NBD) server in Quick Emulator (QEMU) before 2.11 is vulnerable to a denial of service issue. It could occur if a client sent large option requests, making the server waste CPU time on reading up to 4GB per request. A client could use this flaw to keep the NBD server from serving other requests, resulting in DoS. July 27, 2018, 11:07 am
CVE-2017-15118
8.3 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
Serious qemu ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. May 2, 2018, 11:05 am
CVE-2017-15116
5.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 In progress
CGX 2.0 Resolved
CGE 7.0 In progress
Normal kernel The rngapi_reset function in crypto/rng.c in the Linux kernel before 4.2 allows attackers to cause a denial of service (NULL pointer dereference). November 30, 2017, 12:11 pm
CVE-2017-15115
4.4 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
CGE 7.0 Resolved
Normal kernel The sctp_do_peeloff function in net/sctp/socket.c in the Linux kernel before 4.14 does not check whether the intended netns is used in a peel-off action, which allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via crafted system calls. November 15, 2017, 15:11 pm
CVE-2017-15107
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 In progress
CGX 2.0 In progress
Serious dnsmasq A vulnerability was found in the implementation of DNSSEC in Dnsmasq up to and including 2.78. Wildcard synthesized NSEC records could be improperly interpreted to prove the non-existence of hostnames that actually exist. January 23, 2018, 10:01 am
CVE-2017-15102
6.3 MV Product/Version
affected:
CGE 7.0 In progress
CGX 1.8 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
Normal kernel The tower_probe function in drivers/usb/misc/legousbtower.c in the Linux kernel before 4.8.1 allows local users (who are physically proximate for inserting a crafted USB device) to gain privileges by leveraging a write-what-where condition that occurs after a race condition and a NULL pointer dereference. November 15, 2017, 15:11 pm
CVE-2017-15099
6.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Normal postgresql INSERT ... ON CONFLICT DO UPDATE commands in PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, and 9.5.x before 9.5.10 disclose table contents that the invoker lacks privilege to read. These exploits affect only tables where the attacker lacks full read access but has both INSERT and UPDATE privileges. Exploits bypass row level security policies and lack of SELECT privilege. November 22, 2017, 12:11 pm
CVE-2017-15098
8.1 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGE 7.0 Resolved
Serious postgresql Invalid json_populate_recordset or jsonb_populate_recordset function calls in PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, 9.4.x before 9.4.15, and 9.3.x before 9.3.20 can crash the server or disclose a few bytes of server memory. November 22, 2017, 11:11 am
CVE-2017-15047
9.8 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 Resolved
Critical redis The clusterLoadConfig function in cluster.c in Redis 4.0.2 allows attackers to cause a denial of service (out-of-bounds array index and application crash) or possibly have unspecified other impact by leveraging limited access to the machine. October 5, 2017, 23:10 pm
CVE-2017-15042
5.9 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
Normal go An unintended cleartext issue exists in Go before 1.8.4 and 1.9.x before 1.9.1. RFC 4954 requires that, during SMTP, the PLAIN auth scheme must only be used on network connections secured with TLS. The original implementation of smtp.PlainAuth in Go 1.0 enforced this requirement, and it was documented to do so. In 2013, upstream issue #5184, this was changed so that the server may decide whether PLAIN is acceptable. The result is that if you set up a man-in-the-middle SMTP server that doesn't advertise STARTTLS and does advertise that PLAIN auth is OK, the smtp.PlainAuth implementation sends the username and password. October 5, 2017, 16:10 pm
CVE-2017-15041
9.8 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
Critical go Go before 1.8.4 and 1.9.x before 1.9.1 allows go get remote command execution. Using custom domains, it is possible to arrange things so that example.com/pkg1 points to a Subversion repository but example.com/pkg1/pkg2 points to a Git repository. If the Subversion repository includes a Git checkout in its pkg2 directory and some other work is done to ensure the proper ordering of operations, go get can be tricked into reusing this Git checkout for the fetch of code from pkg2. If the Subversion repository's Git checkout has malicious commands in .git/hooks/, they will execute on the system running go get. October 5, 2017, 16:10 pm
CVE-2017-15038
3.2 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
Low qemu Race condition in the v9fs_xattrwalk function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS users to obtain sensitive information from host heap memory via vectors related to reading extended attributes. October 9, 2017, 20:10 pm
CVE-2017-15025
5.5 MV Product/Version
affected:
MVL6 Toolchain 4.4 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.4 In progress
Normal binutils decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted ELF file. October 4, 2017, 20:10 pm
CVE-2017-15024
5.5 MV Product/Version
affected:
CGX 2.4 In progress
CGE 7.0 Resolved
CGX 2.2 Resolved
MVL6 Toolchain 4.4 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
Normal binutils find_abstract_instance_name in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite recursion and application crash) via a crafted ELF file. October 4, 2017, 20:10 pm
CVE-2017-15023
5.5 MV Product/Version
affected:
CGX 2.0 Resolved
MVL6 Toolchain 4.4 Resolved
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.4 In progress
CGX 2.2 Resolved
Normal binutils read_formatted_entries in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, does not properly validate the format count, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file, related to concat_filename. October 4, 2017, 20:10 pm
CVE-2017-15022
5.5 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGX 2.2 Resolved
CGX 2.4 In progress
Normal binutils dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, does not validate the DW_AT_name data type, which allows remote attackers to cause a denial of service (bfd_hash_hash NULL pointer dereference, or out-of-bounds access, and application crash) via a crafted ELF file, related to scan_unit_for_symbols and parse_comp_unit. October 4, 2017, 20:10 pm
CVE-2017-15021
5.5 MV Product/Version
affected:
MVL6 Toolchain 4.4 Resolved
CGX 2.2 Resolved
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
CGX 2.4 In progress
Normal binutils bfd_get_debug_link_info_1 in opncls.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to bfd_getl32. October 4, 2017, 20:10 pm
CVE-2017-15020
7.8 MV Product/Version
affected:
CGX 1.8 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 2.4 Resolved
CGE 7.0 Resolved
Serious binutils dwarf1.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles pointers, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted ELF file, related to parse_die and parse_line_table, as demonstrated by a parse_die heap-based buffer over-read. October 4, 2017, 20:10 pm
CVE-2017-15011
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGX 2.0 In progress
CGE 7.0 Resolved
CGX 2.2 In progress
Serious qt The named pipes in qtsingleapp in Qt 5.x, as used in qBittorrent and SugarSync, are configured for remote access and allow remote attackers to cause a denial of service (application crash) via an unspecified string. October 3, 2017, 20:10 pm
CVE-2017-14992
6.5 MV Product/Version
affected:
CGX 2.2 In progress
CGX 2.0 Resolved
Normal docker Lack of content verification in Docker-CE (Also known as Moby) versions 1.12.6-0, 1.10.3, 17.03.0, 17.03.1, 17.03.2, 17.06.0, 17.06.1, 17.06.2, 17.09.0, and earlier allows a remote attacker to cause a Denial of Service via a crafted image layer payload, aka gzip bombing. November 1, 2017, 12:11 pm
CVE-2017-14991
5.5 MV Product/Version
affected:
CGX 2.0 In progress
CGE 7.0 Resolved
CGX 2.0 In progress
CGX 2.2 In progress
Normal kernel The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel before 4.13.4 allows local users to obtain sensitive information from uninitialized kernel heap-memory locations via an SG_GET_REQUEST_TABLE ioctl call for /dev/sg0. October 3, 2017, 20:10 pm
CVE-2017-14974
5.5 MV Product/Version
affected:
CGX 2.0 Resolved
MVL6 Toolchain 4.4 Resolved
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.2 Resolved
CGX 2.2 Resolved
CGX 2.4 In progress
Normal binutils The *_get_synthetic_symtab functions in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandle the failure of a certain canonicalization step, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file, related to elf32-i386.c and elf64-x86-64.c. October 1, 2017, 20:10 pm
CVE-2017-14970
7.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 In progress
Serious openvswitch In lib/ofp-util.c in Open vSwitch (OvS) before 2.8.1, there are multiple memory leaks while parsing malformed OpenFlow group mod messages. NOTE: the vendor disputes the relevance of this report, stating it can only be triggered by an OpenFlow controller, but OpenFlow controllers have much more direct and powerful ways to force Open vSwitch to allocate memory, such as by inserting flows into the flow table. October 1, 2017, 20:10 pm
CVE-2017-14954
5.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Normal kernel The waitid implementation in kernel/exit.c in the Linux kernel through 4.13.4 accesses rusage data structures in unintended cases, which allows local users to obtain sensitive information, and bypass the KASLR protection mechanism, via a crafted system call. October 1, 2017, 20:10 pm
CVE-2017-14940
5.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGE 7.0 Resolved
MVL6 Toolchain 4.4 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
CGX 2.4 In progress
Normal binutils scan_unit_for_symbols in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file. September 29, 2017, 20:09 pm
CVE-2017-14939
5.5 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.4 In progress
CGX 2.0 Resolved
MVL6 Toolchain 4.4 Resolved
CGX 1.8 Resolved
CGX 2.2 Resolved
Normal binutils decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles a length calculation, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to read_1_byte. September 29, 2017, 20:09 pm
CVE-2017-14938
5.5 MV Product/Version
affected:
MVL6 Toolchain 4.4 Resolved
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 2.4 In progress
Normal binutils _bfd_elf_slurp_version_tables in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted ELF file. September 29, 2017, 20:09 pm
CVE-2017-14934
5.5 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 2.4 In progress
MVL6 Toolchain 4.4 Resolved
CGX 1.8 Resolved
CGX 2.2 Resolved
Normal binutils process_debug_info in dwarf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite loop) via a crafted ELF file that contains a negative size value in a CU structure. September 29, 2017, 20:09 pm
CVE-2017-14933
5.5 MV Product/Version
affected:
MVL6 Toolchain 4.4 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 2.4 In progress
CGX 2.2 Resolved
CGX 2.2 Resolved
Normal binutils read_formatted_entries in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite loop) via a crafted ELF file. September 29, 2017, 20:09 pm
CVE-2017-14932
5.5 MV Product/Version
affected:
MVL6 Toolchain 4.4 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.2 Resolved
CGX 2.4 In progress
Normal binutils decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite loop) via a crafted ELF file. September 29, 2017, 20:09 pm
CVE-2017-14930
5.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.2 Resolved
CGX 2.4 In progress
CGE 7.0 Resolved
CGX 2.0 Resolved
MVL6 Toolchain 4.4 Resolved
CGX 1.8 Resolved
Normal binutils Memory leak in decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file. September 29, 2017, 20:09 pm
CVE-2017-14867
8.8 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 In progress
CGX 1.8 Resolved
CGX 2.2 Resolved
Serious git Git before 2.10.5, 2.11.x before 2.11.4, 2.12.x before 2.12.5, 2.13.x before 2.13.6, and 2.14.x before 2.14.2 uses unsafe Perl scripts to support subcommands such as cvsserver, which allows attackers to execute arbitrary OS commands via shell metacharacters in a module name. The vulnerable code is reachable via git-shell even without CVS support. September 28, 2017, 20:09 pm
CVE-2017-14746
9.8 MV Product/Version
affected:
CGX 2.2 Resolved
CGE 7.0 Resolved
Critical samba Use-after-free vulnerability in Samba 4.x before 4.7.3 allows remote attackers to execute arbitrary code via a crafted SMB1 request. November 27, 2017, 16:11 pm
CVE-2017-14745
7.8 MV Product/Version
affected:
CGX 2.2 Resolved
CGE 7.0 Resolved
MVL6 Toolchain 4.4 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 2.4 Resolved
Serious binutils The *_get_synthetic_symtab functions in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, interpret a -1 value as a sorting count instead of an error flag, which allows remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact via a crafted ELF file, related to elf32-i386.c and elf64-x86-64.c. September 26, 2017, 11:09 am
CVE-2017-14729
7.8 MV Product/Version
affected:
CGX 1.8 Resolved
CGX 2.2 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 2.4 Resolved
Serious binutils The *_get_synthetic_symtab functions in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, do not ensure a unique PLT entry for a symbol, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted ELF file, related to elf32-i386.c and elf64-x86-64.c. September 25, 2017, 11:09 am
CVE-2017-14634
6.5 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.4 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
Normal libsndfile In libsndfile 1.0.28, a divide-by-zero error exists in the function double64_init() in double64.c, which may lead to DoS when playing a crafted audio file. September 21, 2017, 02:09 am
CVE-2017-14633
6.5 MV Product/Version
affected:
CGX 2.4 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Normal libvorbis In Xiph.Org libvorbis 1.3.5, an out-of-bounds array read vulnerability exists in the function mapping0_forward() in mapping0.c, which may lead to DoS when operating on a crafted audio file with vorbis_analysis(). September 21, 2017, 02:09 am
CVE-2017-14632
9.8 MV Product/Version
affected:
CGX 2.4 Resolved
CGX 2.2 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
Critical libvorbis Xiph.Org libvorbis 1.3.5 allows Remote Code Execution upon freeing uninitialized memory in the function vorbis_analysis_headerout() in info.c when vi->channels<=0, a similar issue to Mozilla bug 550184. September 21, 2017, 02:09 am
CVE-2017-14529
5.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 1.8 Resolved
CGX 2.2 Resolved
CGX 2.4 Resolved
MVL6 Toolchain 4.4 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
Normal binutils The pe_print_idata function in peXXigen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles HintName vector entries, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted PE file, related to the bfd_getl16 function. September 17, 2017, 19:09 pm
CVE-2017-14503
6.5 MV Product/Version
affected:
CGX 2.4 In progress
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Normal libarchive libarchive 3.3.2 suffers from an out-of-bounds read within lha_read_data_none() in archive_read_support_format_lha.c when extracting a specially crafted lha archive, related to lha_crc16. September 17, 2017, 13:09 pm
CVE-2017-14502
7.5 MV Product/Version
affected:
CGX 2.4 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Serious libarchive read_header in archive_read_support_format_rar.c in libarchive 3.3.2 suffers from an off-by-one error for UTF-16 names in RAR archives, leading to an out-of-bounds read in archive_read_format_rar_read_header. September 17, 2017, 13:09 pm
CVE-2017-14501
6.5 MV Product/Version
affected:
CGE 7.0 In progress
CGX 2.4 In progress
CGX 2.2 Resolved
CGX 2.0 Resolved
Normal libarchive An out-of-bounds read flaw exists in parse_file_info in archive_read_support_format_iso9660.c in libarchive 3.3.2 when extracting a specially crafted iso9660 iso file, related to archive_read_format_iso9660_read_header. September 17, 2017, 13:09 pm
CVE-2017-14497
6.0 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
Normal kernel The tpacket_rcv function in net/packet/af_packet.c in the Linux kernel before 4.13 mishandles vnet headers, which might allow local users to cause a denial of service (buffer overflow, and disk and memory corruption) or possibly have unspecified other impact via crafted system calls. September 15, 2017, 13:09 pm
CVE-2017-14496
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
Serious dnsmasq Integer underflow in the add_pseudoheader function in dnsmasq before 2.78, when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service via a crafted DNS request. October 2, 2017, 20:10 pm
CVE-2017-14495
7.5 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 Resolved
Serious dnsmasq Memory leak in dnsmasq before 2.78, when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service (memory consumption) via vectors involving DNS response creation. October 2, 2017, 20:10 pm
CVE-2017-14494
6.5 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
Normal dnsmasq dnsmasq before 2.78, when configured as a relay, allows remote attackers to obtain sensitive memory information via vectors involving handling DHCPv6 forwarded requests. October 2, 2017, 20:10 pm
CVE-2017-14493
8.8 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
Serious dnsmasq Stack-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DHCPv6 request. October 2, 2017, 20:10 pm
CVE-2017-14492
8.8 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
Serious dnsmasq Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted IPv6 router advertisement request. October 2, 2017, 20:10 pm
CVE-2017-14491
9.8 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 Resolved
Critical dnsmasq Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response. October 3, 2017, 20:10 pm
CVE-2017-14489
5.5 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
CGE 7.0 Resolved
Normal kernel The iscsi_if_rx function in drivers/scsi/scsi_transport_iscsi.c in the Linux kernel through 4.13.2 allows local users to cause a denial of service (panic) by leveraging incorrect length validation. September 15, 2017, 05:09 am
CVE-2017-14340
5.9 MV Product/Version
affected:
CGE 7.0 In progress
CGX 2.0 Resolved
CGX 2.0 Resolved
CGX 2.2 In progress
Normal kernel The XFS_IS_REALTIME_INODE macro in fs/xfs/xfs_linux.h in the Linux kernel before 4.13.2 does not verify that a filesystem has a realtime device, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via vectors related to setting an RHINHERIT flag on a directory. September 15, 2017, 06:09 am
CVE-2017-14333
7.8 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
MVL6 Toolchain 4.4 Resolved
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.2 Resolved
CGX 2.4 Resolved
Serious binutils The process_version_sections function in readelf.c in GNU Binutils 2.29 allows attackers to cause a denial of service (Integer Overflow, and hang because of a time-consuming loop) or possibly have unspecified other impact via a crafted binary file with invalid values of ent.vn_next, during readelf -a execution. September 12, 2017, 03:09 am
CVE-2017-14246
8.1 MV Product/Version
affected:
CGX 2.2 In progress
CGX 2.4 Resolved
CGX 2.0 In progress
CGX 1.8 Resolved
CGE 7.0 In progress
Serious libsndfile An out of bounds read in the function d2ulaw_array() in ulaw.c of libsndfile 1.0.28 may lead to a remote DoS attack or information disclosure, related to mishandling of the NAN and INFINITY floating-point values. September 21, 2017, 08:09 am
CVE-2017-14245
8.1 MV Product/Version
affected:
CGX 2.4 Resolved
CGX 2.2 In progress
CGX 2.0 In progress
CGX 1.8 Resolved
CGE 7.0 In progress
Serious libsndfile An out of bounds read in the function d2alaw_array() in alaw.c of libsndfile 1.0.28 may lead to a remote DoS attack or information disclosure, related to mishandling of the NAN and INFINITY floating-point values. September 21, 2017, 08:09 am
CVE-2017-14167
4.0 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
Normal qemu Integer overflow in the load_multiboot function in hw/i386/multiboot.c in QEMU (aka Quick Emulator) allows local guest OS users to execute arbitrary code on the host via crafted multiboot header address values, which trigger an out-of-bounds write. September 8, 2017, 13:09 pm
CVE-2017-14166
6.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
Normal libarchive libarchive 3.3.2 allows remote attackers to cause a denial of service (xml_data heap-based buffer over-read and application crash) via a crafted xar archive, related to the mishandling of empty strings in the atol8 function in archive_read_support_format_xar.c. September 6, 2017, 13:09 pm
CVE-2017-14160
8.8 MV Product/Version
affected:
CGX 2.4 Resolved
CGX 2.2 In progress
CGX 2.0 In progress
CGX 1.8 Resolved
CGE 7.0 In progress
Serious libvorbis The bark_noise_hybridmp function in psy.c in Xiph.Org libvorbis 1.3.5 allows remote attackers to cause a denial of service (out-of-bounds access and application crash) or possibly have unspecified other impact via a crafted mp4 file. September 21, 2017, 09:09 am
CVE-2017-14159
4.7 MV Product/Version
affected:
CGX 1.8 Resolved
CGX 2.0 In progress
CGE 7.0 In progress
CGX 2.2 In progress
Normal openldap slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a kill `cat /pathname` command, as demonstrated by openldap-initscript. September 5, 2017, 13:09 pm
CVE-2017-14156
5.5 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.2 Resolved
Normal kernel The atyfb_ioctl function in drivers/video/fbdev/aty/atyfb_base.c in the Linux kernel through 4.12.10 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory by reading locations associated with padding bytes. September 5, 2017, 12:09 pm
CVE-2017-14140
5.5 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
Normal kernel The move_pages system call in mm/migrate.c in the Linux kernel before 4.12.9 doesn't check the effective uid of the target process, enabling a local attacker to learn the memory layout of a setuid executable despite ASLR. September 5, 2017, 01:09 am
CVE-2017-14130
5.5 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
MVL6 Toolchain 4.4 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 2.4 Resolved
Normal binutils The _bfd_elf_parse_attributes function in elf-attrs.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (_bfd_elf_attr_strdup heap-based buffer over-read and application crash) via a crafted ELF file. September 4, 2017, 15:09 pm
CVE-2017-14129
5.5 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
MVL6 Toolchain 4.4 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 2.2 Resolved
CGX 2.4 Resolved
Normal binutils The read_section function in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (parse_comp_unit heap-based buffer over-read and application crash) via a crafted ELF file. September 4, 2017, 15:09 pm
CVE-2017-14128
5.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.4 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
MVL6 Toolchain 4.4 Resolved
CGX 1.8 Resolved
Normal binutils The decode_line_info function in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (read_1_byte heap-based buffer over-read and application crash) via a crafted ELF file. September 4, 2017, 15:09 pm
CVE-2017-14107
6.5 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 2.2 In progress
CGX 1.8 Resolved
Normal zip The _zip_read_eocd64 function in zip_open.c in libzip before 1.3.0 mishandles EOCD records, which allows remote attackers to cause a denial of service (memory allocation failure in _zip_cdir_grow in zip_dirent.c) via a crafted ZIP archive. September 1, 2017, 12:09 pm
CVE-2017-14106
5.5 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Normal kernel The tcp_disconnect function in net/ipv4/tcp.c in the Linux kernel before 4.12 allows local users to cause a denial of service (__tcp_select_window divide-by-zero error and system crash) by triggering a disconnect within a certain tcp_recvmsg code path. September 1, 2017, 11:09 am
CVE-2017-14064
9.8 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
Critical ruby Ruby through 2.2.7, 2.3.x through 2.3.4, and 2.4.x through 2.4.1 can expose arbitrary memory during a JSON.generate call. The issue lies in using strdup in ext/json/ext/generator/generator.c, which will stop after encountering a '\0' byte, returning a pointer to a string of length zero, which is not the length stored in space_len. August 31, 2017, 12:08 pm
CVE-2017-14051
4.4 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Normal kernel An integer overflow in the qla2x00_sysfs_write_optrom_ctl function in drivers/scsi/qla2xxx/qla_attr.c in the Linux kernel through 4.12.10 allows local users to cause a denial of service (memory corruption and system crash) by leveraging root access. August 30, 2017, 23:08 pm
CVE-2017-14033
5.3 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
Normal ruby The decode method in the OpenSSL::ASN1 module in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows attackers to cause a denial of service (interpreter crash) via a crafted string. September 19, 2017, 12:09 pm
CVE-2017-13767
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
Serious wireshark In Wireshark 2.4.0, 2.2.0 to 2.2.8, and 2.0.0 to 2.0.14, the MSDP dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-msdp.c by adding length validation. August 30, 2017, 04:08 am
CVE-2017-13766
7.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Serious wireshark In Wireshark 2.4.0 and 2.2.0 to 2.2.8, the Profinet I/O dissector could crash with an out-of-bounds write. This was addressed in plugins/profinet/packet-dcerpc-pn-io.c by adding string validation. August 30, 2017, 04:08 am
CVE-2017-13765
7.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Serious wireshark In Wireshark 2.4.0, 2.2.0 to 2.2.8, and 2.0.0 to 2.0.14, the IrCOMM dissector has a buffer over-read and application crash. This was addressed in plugins/irda/packet-ircomm.c by adding length validation. August 30, 2017, 04:08 am
CVE-2017-13764
7.5 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Serious wireshark In Wireshark 2.4.0, the Modbus dissector could crash with a NULL pointer dereference. This was addressed in epan/dissectors/packet-mbtcp.c by adding length validation. August 30, 2017, 04:08 am
CVE-2017-13757
5.5 MV Product/Version
affected:
CGX 2.2 Resolved
MVL6 Toolchain 4.4 Resolved
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 2.4 Resolved
Normal binutils The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, does not validate the PLT section size, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to elf_i386_get_synthetic_symtab in elf32-i386.c and elf_x86_64_get_synthetic_symtab in elf64-x86-64.c. August 29, 2017, 18:08 pm
CVE-2017-13734
6.5 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 1.8 Resolved
Normal ncurses There is an illegal address access in the _nc_safe_strcat function in strings.c in ncurses 6.0 that will lead to a remote denial of service attack. August 29, 2017, 01:08 am
CVE-2017-13733
6.5 MV Product/Version
affected:
CGX 2.2 In progress
CGX 2.0 In progress
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.4 Resolved
Normal ncurses There is an illegal address access in the fmt_entry function in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack. August 29, 2017, 01:08 am
CVE-2017-13732
6.5 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
Normal ncurses There is an illegal address access in the function dump_uses() in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack. August 29, 2017, 01:08 am
CVE-2017-13731
6.5 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
Normal ncurses There is an illegal address access in the function postprocess_termcap() in parse_entry.c in ncurses 6.0 that will lead to a remote denial of service attack. August 29, 2017, 01:08 am
CVE-2017-13730
6.5 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
Normal ncurses There is an illegal address access in the function _nc_read_entry_source() in progs/tic.c in ncurses 6.0 that might lead to a remote denial of service attack. August 29, 2017, 01:08 am
CVE-2017-13729
6.5 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
Normal ncurses There is an illegal address access in the _nc_save_str function in alloc_entry.c in ncurses 6.0. It will lead to a remote denial of service attack. August 29, 2017, 01:08 am
CVE-2017-13728
7.5 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Serious ncurses There is an infinite loop in the next_char function in comp_scan.c in ncurses 6.0, related to libtic. A crafted input will lead to a remote denial of service attack. August 29, 2017, 01:08 am
CVE-2017-13727
6.5 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 1.8 Resolved
Normal tiff There is a reachable assertion abort in the function TIFFWriteDirectoryTagSubifd() in LibTIFF 4.0.8, related to tif_dirwrite.c and a SubIFD tag. A crafted input will lead to a remote denial of service attack. August 29, 2017, 01:08 am
CVE-2017-13726
6.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 1.8 Resolved
Normal tiff There is a reachable assertion abort in the function TIFFWriteDirectorySec() in LibTIFF 4.0.8, related to tif_dirwrite.c and a SubIFD tag. A crafted input will lead to a remote denial of service attack. August 29, 2017, 01:08 am
CVE-2017-13725
7.6 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 2.2 Resolved
CGE 7.0 Resolved
Serious tcpdump The IPv6 routing header parser in tcpdump before 4.9.2 has a buffer over-read in print-rt6.c:rt6_print(). September 14, 2017, 01:09 am
CVE-2017-13723
4.7 MV Product/Version
affected:
CGE 7.0 In progress
CGX 2.0 Resolved
CGX 2.2 In progress
Normal xorg-xserver In X.Org Server (aka xserver and xorg-server) before 1.19.4, a local attacker authenticated to the X server could overflow a global buffer, causing crashes of the X server or potentially other problems by injecting large or malformed XKB related atoms and accessing them via xkbcomp. October 9, 2017, 20:10 pm
CVE-2017-13722
5.6 MV Product/Version
affected:
CGX 2.2 Resolved
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
Normal libxfont In the pcfGetProperties function in bitmap/pcfread.c in libXfont through 1.5.2 and 2.x before 2.0.2, a missing boundary check (for PCF files) could be used by local attackers authenticated to an Xserver for a buffer over-read, for information disclosure or a crash of the X server. October 11, 2017, 12:10 pm
CVE-2017-13721
3.6 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 2.2 Resolved
Low xorg-xserver In X.Org Server (aka xserver and xorg-server) before 1.19.4, an attacker authenticated to an X server with the X shared memory extension enabled can cause aborts of the X server or replace shared memory segments of other X clients in the same session. October 9, 2017, 20:10 pm
CVE-2017-13720
5.6 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
Normal libxfont In the PatternMatch function in fontfile/fontdir.c in libXfont through 1.5.2 and 2.x before 2.0.2, an attacker with access to an X connection can cause a buffer over-read during pattern matching of fonts, leading to information disclosure or a crash (denial of service). This occurs because characters are incorrectly skipped in situations involving ? characters. October 11, 2017, 12:10 pm
CVE-2017-13716
5.5 MV Product/Version
affected:
MVL6 Toolchain 4.4 Resolved
CGE 7.0 Resolved
CGX 2.2 In progress
CGX 1.8 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 2.4 In progress
Normal binutils The C++ symbol demangler routine in cplus-dem.c in libiberty, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted file, as demonstrated by a call from the Binary File Descriptor (BFD) library (aka libbfd). August 28, 2017, 16:08 pm
CVE-2017-13715
9.8 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Critical kernel The __skb_flow_dissect function in net/core/flow_dissector.c in the Linux kernel before 4.3 does not ensure that n_proto, ip_proto, and thoff are initialized, which allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a single crafted MPLS packet. August 28, 2017, 20:08 pm
CVE-2017-13711
3.4 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Low Use-after-free vulnerability in the sofree function in slirp/socket.c in QEMU (aka Quick Emulator) allows attackers to cause a denial of service (QEMU instance crash) by leveraging failure to properly clear ifq_so from pending packets. September 1, 2017, 08:09 am
CVE-2017-13710
7.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.4 Resolved
MVL6 Toolchain 4.4 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 1.8 Resolved
Serious binutils The setup_group function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a group section that is too small. August 27, 2017, 11:08 am
CVE-2017-13704
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
Serious dnsmasq In dnsmasq before 2.78, if the DNS packet size does not match the expected size, the size parameter in a memset call gets a negative value. As it is an unsigned value, memset ends up writing up to 0xffffffff zeros (0xffffffffffffffff on 64-bit platforms), making dnsmasq crash. October 2, 2017, 20:10 pm
CVE-2017-13695
5.5 MV Product/Version
affected:
CGX 2.0 In progress
CGE 7.0 In progress
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
Normal kernel The acpi_ns_evaluate() function in drivers/acpi/acpica/nseval.c in the Linux kernel through 4.12.9 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table. August 25, 2017, 03:08 am
CVE-2017-13694
5.5 MV Product/Version
affected:
CGE 7.0 In progress
CGX 2.2 In progress
CGX 2.0 In progress
CGX 2.0 In progress
CGX 1.8 Resolved
Normal kernel The acpi_ps_complete_final_op() function in drivers/acpi/acpica/psobject.c in the Linux kernel through 4.12.9 does not flush the node and node_ext caches and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table. August 25, 2017, 03:08 am
CVE-2017-13693
5.5 MV Product/Version
affected:
CGX 2.0 In progress
CGX 1.8 Resolved
CGX 2.2 In progress
CGX 2.0 In progress
CGE 7.0 Resolved
Normal kernel The acpi_ds_create_operands() function in drivers/acpi/acpica/dsutils.c in the Linux kernel through 4.12.9 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table. August 25, 2017, 03:08 am
CVE-2017-13690
7.6 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGE 7.0 Resolved
CGE 7.0 Resolved
Serious tcpdump The IKEv2 parser in tcpdump before 4.9.2 has a buffer over-read in print-isakmp.c, several functions. September 14, 2017, 01:09 am
CVE-2017-13689
7.6 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 Resolved
CGE 7.0 Resolved
CGX 2.2 Resolved
Serious tcpdump The IKEv1 parser in tcpdump before 4.9.2 has a buffer over-read in print-isakmp.c:ikev1_id_print(). September 14, 2017, 01:09 am
CVE-2017-13688
7.6 MV Product/Version
affected:
CGX 2.2 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Serious tcpdump The OLSR parser in tcpdump before 4.9.2 has a buffer over-read in print-olsr.c:olsr_print(). September 14, 2017, 01:09 am
CVE-2017-13687
7.6 MV Product/Version
affected:
CGE 7.0 Resolved
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
Serious tcpdump The Cisco HDLC parser in tcpdump before 4.9.2 has a buffer over-read in print-chdlc.c:chdlc_print(). September 14, 2017, 01:09 am
CVE-2017-13686
7.8 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 1.8 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Serious kernel net/ipv4/route.c in the Linux kernel 4.13-rc1 through 4.13-rc6 is too late to check for a NULL fi field when RTM_F_FIB_MATCH is set, which allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via crafted system calls. NOTE: this does not affect any stable release. August 24, 2017, 17:08 pm
CVE-2017-13685
5.5 MV Product/Version
affected:
CGX 1.8 Resolved
CGX 2.0 Resolved
CGX 2.4 In progress
CGX 2.2 In progress
CGE 7.0 Resolved
Normal sqlite The dump_callback function in SQLite 3.20.0 allows remote attackers to cause a denial of service (EXC_BAD_ACCESS and application crash) via a crafted file. August 29, 2017, 01:08 am
CVE-2017-13673
6.5 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
Normal qemu The VGA display update miscalculated the region for the dirty bitmap snapshot when split screen mode is used, causing a denial of service (assertion failure) in the cpu_physical_memory_snapshot_get_dirty function. August 29, 2017, 11:08 am
CVE-2017-13672
5.5 MV Product/Version
affected:
CGE 7.0 In progress
CGX 2.2 Resolved
CGX 2.0 Resolved
Normal qemu QEMU (aka Quick Emulator), when built with the VGA display emulator support, allows local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors involving display update. September 1, 2017, 08:09 am
CVE-2017-13138
6.1 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 In progress
CGX 1.8 Resolved
CGE 7.0 Resolved
Normal bridge DOM based Cross-site scripting (XSS) vulnerability in the Bridge theme before 11.2 for WordPress allows remote attackers to inject arbitrary JavaScript. August 23, 2017, 09:08 am
CVE-2017-13090
7.8 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Serious wget The retr.c:fd_read_body() function is called when processing OK responses. When the response is sent chunked in wget before 1.19.2, the chunk parser uses strtol() to read each chunk's length, but doesn't check that the chunk length is a non-negative number. The code then tries to read the chunk in pieces of 8192 bytes by using the MIN() macro, but ends up passing the negative chunk length to retr.c:fd_read(). As fd_read() takes an int argument, the high 32 bits of the chunk length are discarded, leaving fd_read() with a completely attacker-controlled length argument. The attacker can corrupt malloc metadata after the allocated buffer. October 27, 2017, 14:10 pm
CVE-2017-13089
7.8 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 1.8 Resolved
Serious wget The http.c:skip_short_body() function is called in some circumstances, such as when processing redirects. When the response is sent chunked in wget before 1.19.2, the chunk parser uses strtol() to read each chunk's length, but doesn't check that the chunk length is a non-negative number. The code then tries to skip the chunk in pieces of 512 bytes by using the MIN() macro, but ends up passing the negative chunk length to connect.c:fd_read(). As fd_read() takes an int argument, the high 32 bits of the chunk length are discarded, leaving fd_read() with a completely attacker-controlled length argument. October 27, 2017, 14:10 pm
CVE-2017-13088
8.1 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 In progress
CGX 1.8 Resolved
Serious wpa-supplicant Wi-Fi Protected Access (WPA and WPA2) that supports 802.11v allows reinstallation of the Integrity Group Temporal Key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame, allowing an attacker within radio range to replay frames from access points to clients. October 17, 2017, 08:10 am
CVE-2017-13087
8.1 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGE 7.0 In progress
CGX 1.8 Resolved
Serious wpa-supplicant Wi-Fi Protected Access (WPA and WPA2) that supports 802.11v allows reinstallation of the Group Temporal Key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame, allowing an attacker within radio range to replay frames from access points to clients. October 17, 2017, 08:10 am
CVE-2017-13086
8.1 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 In progress
CGX 1.8 Resolved
CGX 2.2 Resolved
Serious wpa-supplicant Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Tunneled Direct-Link Setup (TDLS) Peer Key (TPK) during the TDLS handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames. October 17, 2017, 08:10 am
CVE-2017-13084
6.8 MV Product/Version
affected:
CGX 2.4 Resolved
CGX 2.2 In progress
CGX 2.0 Resolved
CGE 7.0 Resolved
Normal wpa_supplicant Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Station-To-Station-Link (STSL) Transient Key (STK) during the PeerKey handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames. October 17, 2017, 08:10 am
CVE-2017-13082
8.1 MV Product/Version
affected:
CGX 2.2 Resolved
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.0 Resolved
Serious wpa-supplicant Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11r allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the fast BSS transmission (FT) handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames. October 17, 2017, 08:10 am
CVE-2017-13081
8.1 MV Product/Version
affected:
CGX 1.8 Resolved
CGE 7.0 In progress
CGX 2.0 Resolved
CGX 2.2 Resolved
Serious wpa-supplicant Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the group key handshake, allowing an attacker within radio range to spoof frames from access points to clients. October 17, 2017, 08:10 am
CVE-2017-13080
8.1 MV Product/Version
affected:
CGE 7.0 In progress
CGX 1.8 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
Serious wpa-supplicant Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients. October 17, 2017, 08:10 am
CVE-2017-13079
8.1 MV Product/Version
affected:
CGX 2.2 Resolved
CGE 7.0 In progress
CGX 1.8 Resolved
CGX 2.0 Resolved
Serious wpa-supplicant Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the four-way handshake, allowing an attacker within radio range to spoof frames from access points to clients. October 17, 2017, 08:10 am
CVE-2017-13078
8.1 MV Product/Version
affected:
CGE 7.0 In progress
CGX 1.8 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
Serious wpa-supplicant Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the four-way handshake, allowing an attacker within radio range to replay frames from access points to clients. October 17, 2017, 08:10 am
CVE-2017-13077
8.1 MV Product/Version
affected:
CGX 1.8 Resolved
CGX 2.0 Resolved
CGE 7.0 In progress
CGX 2.2 Resolved
Serious wpa-supplicant Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the four-way handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames. October 16, 2017, 21:10 pm
CVE-2017-13055
7.6 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGE 7.0 Resolved
CGE 7.0 Resolved
Serious tcpdump The ISO IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:isis_print_is_reach_subtlv(). September 14, 2017, 01:09 am
CVE-2017-13054
7.6 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGE 7.0 Resolved
CGE 7.0 Resolved
Serious tcpdump The LLDP parser in tcpdump before 4.9.2 has a buffer over-read in print-lldp.c:lldp_private_8023_print(). September 14, 2017, 01:09 am
CVE-2017-13053
7.6 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
CGE 7.0 Resolved
Serious tcpdump The BGP parser in tcpdump before 4.9.2 has a buffer over-read in print-bgp.c:decode_rt_routing_info(). September 14, 2017, 01:09 am
CVE-2017-13052
7.6 MV Product/Version
affected:
CGE 7.0 Resolved
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
Serious tcpdump The CFM parser in tcpdump before 4.9.2 has a buffer over-read in print-cfm.c:cfm_print(). September 14, 2017, 01:09 am
CVE-2017-13051
7.6 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 2.2 Resolved
CGE 7.0 Resolved
Serious tcpdump The RSVP parser in tcpdump before 4.9.2 has a buffer over-read in print-rsvp.c:rsvp_obj_print(). September 14, 2017, 01:09 am
CVE-2017-13050
7.6 MV Product/Version
affected:
CGX 2.2 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Serious tcpdump The RPKI-Router parser in tcpdump before 4.9.2 has a buffer over-read in print-rpki-rtr.c:rpki_rtr_pdu_print(). September 14, 2017, 01:09 am
CVE-2017-13049
7.6 MV Product/Version
affected:
CGE 7.0 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
Serious tcpdump The Rx protocol parser in tcpdump before 4.9.2 has a buffer over-read in print-rx.c:ubik_print(). September 14, 2017, 01:09 am
CVE-2017-13048
7.6 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Serious tcpdump The RSVP parser in tcpdump before 4.9.2 has a buffer over-read in print-rsvp.c:rsvp_obj_print(). September 14, 2017, 01:09 am
CVE-2017-13047
7.6 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Serious tcpdump The ISO ES-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:esis_print(). September 14, 2017, 01:09 am
CVE-2017-13046
7.6 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Serious tcpdump The BGP parser in tcpdump before 4.9.2 has a buffer over-read in print-bgp.c:bgp_attr_print(). September 14, 2017, 01:09 am
CVE-2017-13045
7.6 MV Product/Version
affected:
CGE 7.0 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
Serious tcpdump The VQP parser in tcpdump before 4.9.2 has a buffer over-read in print-vqp.c:vqp_print(). September 14, 2017, 01:09 am
CVE-2017-13044
7.6 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Serious tcpdump The HNCP parser in tcpdump before 4.9.2 has a buffer over-read in print-hncp.c:dhcpv4_print(). September 14, 2017, 01:09 am
CVE-2017-13043
7.6 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Serious tcpdump The BGP parser in tcpdump before 4.9.2 has a buffer over-read in print-bgp.c:decode_multicast_vpn(). September 14, 2017, 01:09 am
CVE-2017-13042
7.6 MV Product/Version
affected:
CGE 7.0 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
Serious tcpdump The HNCP parser in tcpdump before 4.9.2 has a buffer over-read in print-hncp.c:dhcpv6_print(). September 14, 2017, 01:09 am
CVE-2017-13041
7.6 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGE 7.0 Resolved
Serious tcpdump The ICMPv6 parser in tcpdump before 4.9.2 has a buffer over-read in print-icmp6.c:icmp6_nodeinfo_print(). September 14, 2017, 01:09 am
CVE-2017-13040
7.6 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 Resolved
CGE 7.0 Resolved
CGX 2.2 Resolved
Serious tcpdump The MPTCP parser in tcpdump before 4.9.2 has a buffer over-read in print-mptcp.c, several functions. September 14, 2017, 01:09 am
CVE-2017-13039
7.6 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
Serious tcpdump The ISAKMP parser in tcpdump before 4.9.2 has a buffer over-read in print-isakmp.c, several functions. September 14, 2017, 01:09 am
CVE-2017-13038
7.6 MV Product/Version
affected:
CGE 7.0 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
Serious tcpdump The PPP parser in tcpdump before 4.9.2 has a buffer over-read in print-ppp.c:handle_mlppp(). September 14, 2017, 01:09 am
CVE-2017-13037
7.6 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Serious tcpdump The IP parser in tcpdump before 4.9.2 has a buffer over-read in print-ip.c:ip_printts(). September 14, 2017, 01:09 am
CVE-2017-13036
7.6 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Serious tcpdump The OSPFv3 parser in tcpdump before 4.9.2 has a buffer over-read in print-ospf6.c:ospf6_decode_v3(). September 14, 2017, 01:09 am
CVE-2017-13035
7.6 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 2.2 Resolved
Serious tcpdump The ISO IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:isis_print_id(). September 14, 2017, 01:09 am
CVE-2017-13034
7.6 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Serious tcpdump The PGM parser in tcpdump before 4.9.2 has a buffer over-read in print-pgm.c:pgm_print(). September 14, 2017, 01:09 am
CVE-2017-13033
7.6 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGE 7.0 Resolved
Serious tcpdump The VTP parser in tcpdump before 4.9.2 has a buffer over-read in print-vtp.c:vtp_print(). September 14, 2017, 01:09 am
CVE-2017-13032
7.6 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Serious tcpdump The RADIUS parser in tcpdump before 4.9.2 has a buffer over-read in print-radius.c:print_attr_string(). September 14, 2017, 01:09 am
CVE-2017-13031
7.6 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Serious tcpdump The IPv6 fragmentation header parser in tcpdump before 4.9.2 has a buffer over-read in print-frag6.c:frag6_print(). September 14, 2017, 01:09 am
CVE-2017-13030
7.6 MV Product/Version
affected:
CGX 2.2 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Serious tcpdump The PIM parser in tcpdump before 4.9.2 has a buffer over-read in print-pim.c, several functions. September 14, 2017, 01:09 am
CVE-2017-13029
7.6 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGE 7.0 Resolved
CGE 7.0 Resolved
Serious tcpdump The PPP parser in tcpdump before 4.9.2 has a buffer over-read in print-ppp.c:print_ccp_config_options(). September 14, 2017, 01:09 am
CVE-2017-13028
7.6 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Serious tcpdump The BOOTP parser in tcpdump before 4.9.2 has a buffer over-read in print-bootp.c:bootp_print(). September 14, 2017, 01:09 am
CVE-2017-13027
7.6 MV Product/Version
affected:
CGX 2.2 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Serious tcpdump The LLDP parser in tcpdump before 4.9.2 has a buffer over-read in print-lldp.c:lldp_mgmt_addr_tlv_print(). September 14, 2017, 01:09 am
CVE-2017-13026
7.6 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Serious tcpdump The ISO IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c, several functions. September 14, 2017, 01:09 am
CVE-2017-13025
7.6 MV Product/Version
affected:
CGX 2.2 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Serious tcpdump The IPv6 mobility parser in tcpdump before 4.9.2 has a buffer over-read in print-mobility.c:mobility_opt_print(). September 14, 2017, 01:09 am
CVE-2017-13024
7.6 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
CGE 7.0 Resolved
Serious tcpdump The IPv6 mobility parser in tcpdump before 4.9.2 has a buffer over-read in print-mobility.c:mobility_opt_print(). September 14, 2017, 01:09 am
CVE-2017-13023
7.6 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Serious tcpdump The IPv6 mobility parser in tcpdump before 4.9.2 has a buffer over-read in print-mobility.c:mobility_opt_print(). September 14, 2017, 01:09 am
CVE-2017-13022
7.6 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Serious tcpdump The IP parser in tcpdump before 4.9.2 has a buffer over-read in print-ip.c:ip_printroute(). September 14, 2017, 01:09 am
CVE-2017-13021
7.6 MV Product/Version
affected:
CGX 2.2 Resolved
CGE 7.0 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
Serious tcpdump The ICMPv6 parser in tcpdump before 4.9.2 has a buffer over-read in print-icmp6.c:icmp6_print(). September 14, 2017, 01:09 am
CVE-2017-13020
7.6 MV Product/Version
affected:
CGE 7.0 Resolved
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
Serious tcpdump The VTP parser in tcpdump before 4.9.2 has a buffer over-read in print-vtp.c:vtp_print(). September 14, 2017, 01:09 am
CVE-2017-13019
7.6 MV Product/Version
affected:
CGX 2.2 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Serious tcpdump The PGM parser in tcpdump before 4.9.2 has a buffer over-read in print-pgm.c:pgm_print(). September 14, 2017, 01:09 am
CVE-2017-13018
7.6 MV Product/Version
affected:
CGE 7.0 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
Serious tcpdump The PGM parser in tcpdump before 4.9.2 has a buffer over-read in print-pgm.c:pgm_print(). September 14, 2017, 01:09 am
CVE-2017-13017
7.6 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Serious tcpdump The DHCPv6 parser in tcpdump before 4.9.2 has a buffer over-read in print-dhcp6.c:dhcp6opt_print(). September 14, 2017, 01:09 am
CVE-2017-13016
7.6 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Serious tcpdump The ISO ES-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:esis_print(). September 14, 2017, 01:09 am
CVE-2017-13015
7.6 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
CGE 7.0 Resolved
Serious tcpdump The EAP parser in tcpdump before 4.9.2 has a buffer over-read in print-eap.c:eap_print(). September 14, 2017, 01:09 am
CVE-2017-13014
7.6 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 Resolved
CGE 7.0 Resolved
CGX 2.2 Resolved
Serious tcpdump The White Board protocol parser in tcpdump before 4.9.2 has a buffer over-read in print-wb.c:wb_prep(), several functions. September 14, 2017, 01:09 am
CVE-2017-13013
7.6 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGE 7.0 Resolved
CGE 7.0 Resolved
Serious tcpdump The ARP parser in tcpdump before 4.9.2 has a buffer over-read in print-arp.c, several functions. September 14, 2017, 01:09 am
CVE-2017-13012
7.6 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Serious tcpdump The ICMP parser in tcpdump before 4.9.2 has a buffer over-read in print-icmp.c:icmp_print(). September 14, 2017, 01:09 am
CVE-2017-13011
7.6 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Serious tcpdump Several protocol parsers in tcpdump before 4.9.2 could cause a buffer overflow in util-print.c:bittok2str_internal(). September 14, 2017, 01:09 am
CVE-2017-13010
7.6 MV Product/Version
affected:
CGE 7.0 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
Serious tcpdump The BEEP parser in tcpdump before 4.9.2 has a buffer over-read in print-beep.c:l_strnstart(). September 14, 2017, 01:09 am
CVE-2017-13009
7.6 MV Product/Version
affected:
CGX 2.2 Resolved
CGE 7.0 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
Serious tcpdump The IPv6 mobility parser in tcpdump before 4.9.2 has a buffer over-read in print-mobility.c:mobility_print(). September 14, 2017, 01:09 am
CVE-2017-13008
7.6 MV Product/Version
affected:
CGX 2.2 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Serious tcpdump The IEEE 802.11 parser in tcpdump before 4.9.2 has a buffer over-read in print-802_11.c:parse_elements(). September 14, 2017, 01:09 am
CVE-2017-13007
7.9 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
CGE 7.0 Resolved
Serious tcpdump The Apple PKTAP parser in tcpdump before 4.9.2 has a buffer over-read in print-pktap.c:pktap_if_print(). September 14, 2017, 01:09 am
CVE-2017-13006
7.6 MV Product/Version
affected:
CGX 2.2 Resolved
CGE 7.0 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
Serious tcpdump The L2TP parser in tcpdump before 4.9.2 has a buffer over-read in print-l2tp.c, several functions. September 14, 2017, 01:09 am
CVE-2017-13005
7.6 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 2.2 Resolved
CGE 7.0 Resolved
Serious tcpdump The NFS parser in tcpdump before 4.9.2 has a buffer over-read in print-nfs.c:xid_map_enter(). September 14, 2017, 01:09 am
CVE-2017-13004
7.6 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Serious tcpdump The Juniper protocols parser in tcpdump before 4.9.2 has a buffer over-read in print-juniper.c:juniper_parse_header(). September 14, 2017, 01:09 am
CVE-2017-13003
7.6 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 2.2 Resolved
Serious tcpdump The LMP parser in tcpdump before 4.9.2 has a buffer over-read in print-lmp.c:lmp_print(). September 14, 2017, 01:09 am
CVE-2017-13002
7.6 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 2.2 Resolved
CGE 7.0 Resolved
Serious tcpdump The AODV parser in tcpdump before 4.9.2 has a buffer over-read in print-aodv.c:aodv_extension(). September 14, 2017, 01:09 am
CVE-2017-13001
7.6 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Serious tcpdump The NFS parser in tcpdump before 4.9.2 has a buffer over-read in print-nfs.c:nfs_printfh(). September 14, 2017, 01:09 am
CVE-2017-13000
7.6 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 2.2 Resolved
CGE 7.0 Resolved
Serious tcpdump The IEEE 802.15.4 parser in tcpdump before 4.9.2 has a buffer over-read in print-802_15_4.c:ieee802_15_4_if_print(). September 14, 2017, 01:09 am
CVE-2017-12999
7.6 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 Resolved
CGE 7.0 Resolved
CGX 2.2 Resolved
Serious tcpdump The IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:isis_print(). September 14, 2017, 01:09 am
CVE-2017-12998
7.6 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
CGE 7.0 Resolved
Serious tcpdump The IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:isis_print_extd_ip_reach(). September 14, 2017, 01:09 am
CVE-2017-12997
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Serious tcpdump The LLDP parser in tcpdump before 4.9.2 could enter an infinite loop due to a bug in print-lldp.c:lldp_private_8021_print(). September 14, 2017, 01:09 am
CVE-2017-12996
7.6 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 Resolved
CGE 7.0 Resolved
CGX 2.2 Resolved
Serious tcpdump The PIMv2 parser in tcpdump before 4.9.2 has a buffer over-read in print-pim.c:pimv2_print(). September 14, 2017, 01:09 am
CVE-2017-12995
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Serious tcpdump The DNS parser in tcpdump before 4.9.2 could enter an infinite loop due to a bug in print-domain.c:ns_print(). September 14, 2017, 01:09 am
CVE-2017-12994
6.5 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Normal tcpdump The BGP parser in tcpdump before 4.9.2 has a buffer over-read in print-bgp.c:bgp_attr_print(). September 14, 2017, 01:09 am
CVE-2017-12993
6.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
CGE 7.0 Resolved
Normal tcpdump The Juniper protocols parser in tcpdump before 4.9.2 has a buffer over-read in print-juniper.c, several functions. September 14, 2017, 01:09 am
CVE-2017-12992
5.0 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 2.2 Resolved
Normal tcpdump The RIPng parser in tcpdump before 4.9.2 has a buffer over-read in print-ripng.c:ripng_print(). September 14, 2017, 01:09 am
CVE-2017-12991
5.0 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Normal tcpdump The BGP parser in tcpdump before 4.9.2 has a buffer over-read in print-bgp.c:bgp_attr_print(). September 14, 2017, 01:09 am
CVE-2017-12990
6.3 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
CGE 7.0 Resolved
Normal tcpdump The ISAKMP parser in tcpdump before 4.9.2 could enter an infinite loop due to bugs in print-isakmp.c, several functions. September 14, 2017, 01:09 am
CVE-2017-12989
6.3 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Normal tcpdump The RESP parser in tcpdump before 4.9.2 could enter an infinite loop due to a bug in print-resp.c:resp_get_length(). September 14, 2017, 01:09 am
CVE-2017-12988
5.0 MV Product/Version
affected:
CGE 7.0 Resolved
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
Normal tcpdump The telnet parser in tcpdump before 4.9.2 has a buffer over-read in print-telnet.c:telnet_parse(). September 14, 2017, 01:09 am
CVE-2017-12987
5.0 MV Product/Version
affected:
CGE 7.0 Resolved
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
Normal tcpdump The IEEE 802.11 parser in tcpdump before 4.9.2 has a buffer over-read in print-802_11.c:parse_elements(). September 14, 2017, 01:09 am
CVE-2017-12986
5.0 MV Product/Version
affected:
CGX 2.2 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Normal tcpdump The IPv6 routing header parser in tcpdump before 4.9.2 has a buffer over-read in print-rt6.c:rt6_print(). September 14, 2017, 01:09 am
CVE-2017-12985
5.0 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 Resolved
CGE 7.0 Resolved
CGX 2.2 Resolved
Normal tcpdump The IPv6 parser in tcpdump before 4.9.2 has a buffer over-read in print-ip6.c:ip6_print(). September 14, 2017, 01:09 am
CVE-2017-12967
6.5 MV Product/Version
affected:
CGX 1.8 Resolved
CGX 2.0 Resolved
CGX 2.4 Resolved
CGX 2.2 Resolved
CGE 7.0 Resolved
CGX 2.2 Resolved
MVL6 Toolchain 4.4 Resolved
Normal binutils The getsym function in tekhex.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a malformed tekhex binary. August 19, 2017, 11:08 am
CVE-2017-12944
7.5 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
Serious tiff The TIFFReadDirEntryArray function in tif_read.c in LibTIFF 4.0.8 mishandles memory allocation for short files, which allows remote attackers to cause a denial of service (allocation failure and application crash) in the TIFFFetchStripThing function in tif_dirread.c during a tiff2pdf invocation. August 18, 2017, 10:08 am
CVE-2017-12934
7.5 MV Product/Version
affected:
Serious php ext/standard/var_unserializer.re in PHP 7.0.x before 7.0.21 and 7.1.x before 7.1.7 is prone to a heap use after free while unserializing untrusted data, related to the zval_get_type function in Zend/zend_types.h. Exploitation of this issue can have an unspecified impact on the integrity of PHP. August 17, 2017, 22:08 pm
CVE-2017-12933
9.8 MV Product/Version
affected:
CGE 7.0 Resolved
Critical php The finish_nested_data function in ext/standard/var_unserializer.re in PHP before 5.6.31, 7.0.x before 7.0.21, and 7.1.x before 7.1.7 is prone to a buffer over-read while unserializing untrusted data. Exploitation of this issue can have an unspecified impact on the integrity of PHP. August 17, 2017, 22:08 pm
CVE-2017-12932
9.8 MV Product/Version
affected:
CGE 7.0 Resolved
Critical php ext/standard/var_unserializer.re in PHP 7.0.x through 7.0.22 and 7.1.x through 7.1.8 is prone to a heap use after free while unserializing untrusted data, related to improper use of the hash API for key deletion in a situation with an invalid array size. Exploitation of this issue can have an unspecified impact on the integrity of PHP. August 17, 2017, 22:08 pm
CVE-2017-12902
5.0 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Normal tcpdump The Zephyr parser in tcpdump before 4.9.2 has a buffer over-read in print-zephyr.c, several functions. September 14, 2017, 01:09 am
CVE-2017-12901
5.0 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Normal tcpdump The EIGRP parser in tcpdump before 4.9.2 has a buffer over-read in print-eigrp.c:eigrp_print(). September 14, 2017, 01:09 am
CVE-2017-12900
5.0 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Normal tcpdump Several protocol parsers in tcpdump before 4.9.2 could cause a buffer over-read in util-print.c:tok2strbuf(). September 14, 2017, 01:09 am
CVE-2017-12899
5.0 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Normal tcpdump The DECnet parser in tcpdump before 4.9.2 has a buffer over-read in print-decnet.c:decnet_print(). September 14, 2017, 01:09 am
CVE-2017-12898
5.0 MV Product/Version
affected:
Normal accel-ppp The NFS parser in tcpdump before 4.9.2 has a buffer over-read in print-nfs.c:interp_reply(). September 14, 2017, 01:09 am
CVE-2017-12897
5.0 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
CGE 7.0 Resolved
Normal tcpdump The ISO CLNS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:isoclns_print(). September 14, 2017, 01:09 am
CVE-2017-12896
5.0 MV Product/Version
affected:
CGE 7.0 Resolved
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
Normal tcpdump The ISAKMP parser in tcpdump before 4.9.2 has a buffer over-read in print-isakmp.c:isakmp_rfc3948_print(). September 14, 2017, 01:09 am
CVE-2017-12895
5.0 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Normal tcpdump The ICMP parser in tcpdump before 4.9.2 has a buffer over-read in print-icmp.c:icmp_print(). September 14, 2017, 01:09 am
CVE-2017-12894
5.0 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Normal tcpdump Several protocol parsers in tcpdump before 4.9.2 could cause a buffer over-read in addrtoname.c:lookup_bytestring(). September 14, 2017, 01:09 am
CVE-2017-12893
5.0 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Normal tcpdump The SMB/CIFS parser in tcpdump before 4.9.2 has a buffer over-read in smbutil.c:name_len(). September 14, 2017, 01:09 am
CVE-2017-12883
9.1 MV Product/Version
affected:
CGX 1.8 Resolved
CGX 2.4 Resolved
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
Critical perl Buffer overflow in the S_grok_bslash_N function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to disclose sensitive information or cause a denial of service (application crash) via a crafted regular expression with an invalid '\N{U+...}' escape. September 19, 2017, 13:09 pm
CVE-2017-12865
9.8 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 1.8 Resolved
Critical connman Stack-based buffer overflow in dnsproxy.c in connman 1.34 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted response query string passed to the name variable. August 29, 2017, 11:08 am
CVE-2017-12858
9.8 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
Critical zip Double free vulnerability in the _zip_dirent_read function in zip_dirent.c in libzip allows attackers to have unspecified impact via unknown vectors. August 23, 2017, 09:08 am
CVE-2017-12837
7.5 MV Product/Version
affected:
CGX 2.4 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
Serious perl Heap-based buffer overflow in the S_regatom function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to cause a denial of service (out-of-bounds write) via a regular expression with a '\N{}' escape and the case-insensitive modifier. September 19, 2017, 13:09 pm
CVE-2017-12836
8.8 MV Product/Version
affected:
Serious cvs CVS 1.12.x, when configured to use SSH for remote repositories, might allow remote attackers to execute arbitrary code via a repository URL with a crafted hostname, as demonstrated by "-oProxyCommand=id;localhost:/bar." August 24, 2017, 09:08 am
CVE-2017-12814
9.8 MV Product/Version
affected:
CGX 2.2 Resolved
CGX 2.4 Resolved
CGE 7.0 In progress
CGX 1.8 Resolved
CGX 2.0 Resolved
Critical perl Stack-based buffer overflow in the CPerlHost::Add method in win32/perlhost.h in Perl before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 on Windows allows attackers to execute arbitrary code via a long environment variable. September 27, 2017, 20:09 pm
CVE-2017-12809
6.5 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
Normal QEMU (aka Quick Emulator), when built with the IDE disk and CD/DVD-ROM Emulator support, allows local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) by flushing an empty CDROM device drive. August 23, 2017, 11:08 am
CVE-2017-12799
7.8 MV Product/Version
affected:
MVL6 Toolchain 4.4 Resolved
CGX 1.8 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 2.4 Resolved
CGX 2.2 Resolved
CGX 2.2 Resolved
Serious binutils The elf_read_notes function in bfd/elf.c in GNU Binutils 2.29 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file. August 10, 2017, 13:08 pm
CVE-2017-12762
5.8 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
Normal kernel In /drivers/isdn/i4l/isdn_net.c: A user-controlled buffer is copied into a local buffer of constant size using strcpy without a length check which can cause a buffer overflow. This affects the Linux kernel 4.9-stable tree, 4.12-stable tree, 3.18-stable tree, and 4.4-stable tree. August 9, 2017, 16:08 pm
CVE-2017-12678
8.8 MV Product/Version
affected:
CGX 2.2 In progress
CGX 2.0 In progress
CGE 7.0 Resolved
Serious taglib In TagLib 1.11.1, the rebuildAggregateFrames function in id3v2framefactory.cpp has a pointer to cast vulnerability, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted audio file. August 7, 2017, 20:08 pm
CVE-2017-12626
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
Serious poi Apache POI versions prior to release 3.17 are vulnerable to denial-of-service attacks: 1) infinite loops while parsing crafted WMF, EMF, MSG and macros (POI bugs 61338 and 61294), and 2) out-of-memory exceptions while parsing crafted DOC, PPT and XLS (POI bugs 52372 and 61295). January 29, 2018, 11:01 am
CVE-2017-12562
9.8 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 2.4 Resolved
CGX 2.2 Resolved
CGX 1.8 Resolved
Critical libsndfile Heap-based Buffer Overflow in the psf_binheader_writef function in common.c in libsndfile through 1.0.28 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. August 5, 2017, 12:08 pm
CVE-2017-12459
7.8 MV Product/Version
affected:
MVL6 Toolchain 4.3 Resolved
CGX 2.2 Resolved
MVL6 Toolchain 4.3 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
MVL6 Toolchain 4.4 Resolved
CGX 2.4 Resolved
Serious binutils The bfd_mach_o_read_symtab_strtab function in bfd/mach-o.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap write and possibly achieve code execution via a crafted mach-o file. August 4, 2017, 10:08 am
CVE-2017-12458
7.8 MV Product/Version
affected:
CGX 2.2 Resolved
MVL6 Toolchain 4.3 Resolved
CGE 7.0 Resolved
MVL6 Toolchain 4.4 Resolved
MVL6 Toolchain 4.3 Resolved
CGX 2.0 Resolved
CGX 2.4 Resolved
Serious binutils The nlm_swap_auxiliary_headers_in function in bfd/nlmcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted nlm file. August 4, 2017, 10:08 am
CVE-2017-12457
7.8 MV Product/Version
affected:
CGX 2.4 Resolved
CGX 2.2 Resolved
MVL6 Toolchain 4.4 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
MVL6 Toolchain 4.3 Resolved
MVL6 Toolchain 4.3 Resolved
Serious binutils The bfd_make_section_with_flags function in section.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause a NULL dereference via a crafted file. August 4, 2017, 10:08 am
CVE-2017-12456
7.8 MV Product/Version
affected:
MVL6 Toolchain 4.4 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 2.2 Resolved
MVL6 Toolchain 4.3 Resolved
MVL6 Toolchain 4.3 Resolved
CGX 2.4 Resolved
Serious binutils The read_symbol_stabs_debugging_info function in rddbg.c in GNU Binutils 2.29 and earlier allows remote attackers to cause an out of bounds heap read via a crafted binary file. August 4, 2017, 10:08 am
CVE-2017-12455
7.8 MV Product/Version
affected:
MVL6 Toolchain 4.4 Resolved
MVL6 Toolchain 4.3 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
MVL6 Toolchain 4.3 Resolved
CGX 2.4 Resolved
Serious binutils The evax_bfd_print_emh function in vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted vms alpha file. August 4, 2017, 10:08 am
CVE-2017-12454
7.8 MV Product/Version
affected:
MVL6 Toolchain 4.3 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
MVL6 Toolchain 4.4 Resolved
CGX 2.2 Resolved
MVL6 Toolchain 4.3 Resolved
Serious binutils The _bfd_vms_slurp_egsd function in bfd/vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an arbitrary memory read via a crafted vms alpha file. August 4, 2017, 10:08 am
CVE-2017-12453
7.8 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
MVL6 Toolchain 4.3 Resolved
MVL6 Toolchain 4.3 Resolved
MVL6 Toolchain 4.4 Resolved
CGX 2.4 Resolved
Serious binutils The _bfd_vms_slurp_eeom function in libbfd.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted vms alpha file. August 4, 2017, 10:08 am
CVE-2017-12452
7.8 MV Product/Version
affected:
MVL6 Toolchain 4.3 Resolved
CGE 7.0 Resolved
MVL6 Toolchain 4.4 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
MVL6 Toolchain 4.3 Resolved
CGX 2.4 Resolved
Serious binutils The bfd_mach_o_i386_canonicalize_one_reloc function in bfd/mach-o-i386.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted mach-o file. August 4, 2017, 10:08 am
CVE-2017-12451
7.8 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
MVL6 Toolchain 4.4 Resolved
MVL6 Toolchain 4.3 Resolved
MVL6 Toolchain 4.3 Resolved
CGX 2.4 Resolved
Serious binutils The _bfd_xcoff_read_ar_hdr function in bfd/coff-rs6000.c and bfd/coff64-rs6000.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds stack read via a crafted COFF image file. August 4, 2017, 10:08 am
CVE-2017-12450
7.0 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGE 7.0 Resolved
MVL6 Toolchain 4.4 Resolved
MVL6 Toolchain 4.3 Resolved
MVL6 Toolchain 4.3 Resolved
CGX 2.4 Resolved
Serious binutils The alpha_vms_object_p function in bfd/vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap write and possibly achieve code execution via a crafted vms alpha file. August 4, 2017, 10:08 am
CVE-2017-12449
7.8 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
MVL6 Toolchain 4.4 Resolved
MVL6 Toolchain 4.3 Resolved
MVL6 Toolchain 4.3 Resolved
Serious binutils The _bfd_vms_save_sized_string function in vms-misc.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted vms file. August 4, 2017, 10:08 am
CVE-2017-12448
7.8 MV Product/Version
affected:
MVL6 Toolchain 4.3 Resolved
MVL6 Toolchain 4.3 Resolved
MVL6 Toolchain 4.4 Resolved
CGX 2.4 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
CGE 7.0 Resolved
Serious binutils The bfd_cache_close function in bfd/cache.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause a heap use after free and possibly achieve code execution via a crafted nested archive file. This issue occurs because incorrect functions are called during an attempt to release memory. The issue can be addressed by better input validation in the bfd_generic_archive_p function in bfd/archive.c. August 4, 2017, 10:08 am
CVE-2017-12424
9.8 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
Critical shadow In shadow before 4.5, the newusers tool could be made to manipulate internal data structures in ways unintended by the authors. Malformed input may lead to crashes (with a buffer overflow or other memory corruption) or other unspecified behaviors. This crosses a privilege boundary in, for example, certain web-hosting environments in which a Control Panel allows an unprivileged user account to create subaccounts. August 4, 2017, 04:08 am
CVE-2017-12193
4.7 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
Normal kernel The assoc_array_insert_into_terminal_node function in lib/assoc_array.c in the Linux kernel before 4.13.11 mishandles node splitting, which allows local users to cause a denial of service (NULL pointer dereference and panic) via a crafted application, as demonstrated by the keyring key type, and key addition and link creation operations. November 22, 2017, 12:11 pm
CVE-2017-12192
5.5 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 2.2 Resolved
Normal kernel The keyctl_read_key function in security/keys/keyctl.c in the Key Management subcomponent in the Linux kernel before 4.13.5 does not properly consider that a key may be possessed but negatively instantiated, which allows local users to cause a denial of service (OOPS and system crash) via a crafted KEYCTL_READ operation. October 11, 2017, 19:10 pm
CVE-2017-12190
6.2 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGE 7.0 Resolved
CGX 2.0 Resolved
Normal kernel The bio_map_user_iov and bio_unmap_user functions in block/bio.c in the Linux kernel before 4.13.8 do unbalanced refcounting when a SCSI I/O vector has small consecutive buffers belonging to the same page. The bio_add_pc_page function merges them into one, but the page reference is never dropped. This causes a memory leak and possible system lockup (exploitable against the host OS by a guest OS user, if a SCSI disk is passed through to a virtual machine) due to an out-of-memory condition. November 22, 2017, 12:11 pm
CVE-2017-12188
7.6 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
Serious kernel arch/x86/kvm/mmu.c in the Linux kernel through 4.13.5, when nested virtualisation is used, does not properly traverse guest pagetable entries to resolve a guest virtual address, which allows L1 guest OS users to execute arbitrary code on the host OS or cause a denial of service (incorrect index during page walking, and host OS crash), aka an MMU potential stack buffer overrun. October 11, 2017, 10:10 am
CVE-2017-12173
6.5 MV Product/Version
affected:
CGE 7.0 Resolved
Normal sssd ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. June 21, 2018, 18:06 pm
CVE-2017-12172
6.7 MV Product/Version
affected:
CGX 2.0 Resolved
CGE 7.0 Resolved
CGX 2.2 Resolved
Normal postgresql PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, 9.4.x before 9.4.15, 9.3.x before 9.3.20, and 9.2.x before 9.2.24 runs under a non-root operating system account, and database superusers have effective ability to run arbitrary code under that system account. PostgreSQL provides a script for starting the database server during system boot. Packages of PostgreSQL for many operating systems provide their own, packager-authored startup implementations. Several implementations use a log file name that the database superuser can replace with a symbolic link. As root, they open(), chmod() and/or chown() this log file name. This often suffices for the database superuser to escalate to root privileges when root starts the server. November 22, 2017, 13:11 pm
CVE-2017-12170
9.8 MV Product/Version
affected:
Critical pure-ftpd Downstream version 1.0.46-1 of pure-ftpd as shipped in Fedora was vulnerable to a packaging error due to which the original configuration was ignored after update and the service started running with the default configuration. This has security implications because of overriding security-related configuration. This issue doesn't affect the upstream version of pure-ftpd. September 21, 2017, 16:09 pm
CVE-2017-12168
5.2 MV Product/Version
affected:
CGX 2.0 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGE 7.0 Resolved
Normal kernel The access_pmu_evcntr function in arch/arm64/kvm/sys_regs.c in the Linux kernel before 4.8.11 allows privileged KVM guest OS users to cause a denial of service (assertion failure and host OS crash) by accessing the Performance Monitors Cycle Count Register (PMCCNTR). September 20, 2017, 03:09 am
CVE-2017-12166
8.1 MV Product/Version
affected:
Serious openvpn OpenVPN versions before 2.3.3 and 2.4.x before 2.4.4 are vulnerable to a buffer overflow vulnerability when key-method 1 is used, possibly resulting in code execution. October 3, 2017, 20:10 pm
CVE-2017-12154
7.1 MV Product/Version
affected:
CGX 2.0 In progress
CGE 7.0 In progress
CGX 2.2 In progress
CGX 2.0 In progress
Serious kernel The prepare_vmcs02 function in arch/x86/kvm/vmx.c in the Linux kernel through 4.13.3 does not ensure that the "CR8-load exiting" and "CR8-store exiting" L0 vmcs02 controls exist in cases where L1 omits the "use TPR shadow" vmcs12 control, which allows KVM L2 guest OS users to obtain read and write access to the hardware CR8 register. September 26, 2017, 00:09 am
CVE-2017-12153
4.4 MV Product/Version
affected:
CGX 2.0 In progress
CGE 7.0 In progress
CGX 2.2 In progress
CGX 2.0 In progress
Normal kernel A security flaw was discovered in the nl80211_set_rekey_data() function in net/wireless/nl80211.c in the Linux kernel through 4.13.3. This function does not check whether the required attributes are present in a Netlink request. This request can be issued by a user with the CAP_NET_ADMIN capability and may result in a NULL pointer dereference and system crash. September 21, 2017, 10:09 am
CVE-2017-12151
7.4 MV Product/Version
affected:
Serious samba A flaw was found in the way samba client before samba 4.4.16, samba 4.5.14 and samba 4.6.8 used encryption with the max protocol set as SMB3. The connection could lose the requirement for signing and encrypting to any DFS redirects, allowing an attacker to read or alter the contents of the connection via a man-in-the-middle attack. July 27, 2018, 07:07 am
CVE-2017-12150
7.4 MV Product/Version
affected:
Serious samba It was found that samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8 did not enforce SMB signing when certain configuration options were enabled. A remote attacker could launch a man-in-the-middle attack and retrieve information in plain-text. July 26, 2018, 13:07 pm
CVE-2017-12146
7.0 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 1.8 Resolved
CGX 2.2 Resolved
CGX 2.0 Resolved
CGX 2.0 Resolved
Serious kernel The driver_override implementation in drivers/base/platform.c in the Linux kernel before 4.12.1 allows local users to gain privileges by leveraging a race condition between a read operation and a store operation that involve different overrides. September 8, 2017, 14:09 pm
CVE-2017-12133
5.9 MV Product/Version
affected:
MVL6 Toolchain 4.4 Resolved
CGE 7.0 Resolved
CGX 2.4 Resolved
CGX 2.2 In progress
CGX 2.0 Resolved
CGX 1.8 Resolved
Normal glibc Use-after-free vulnerability in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) before 2.26 allows remote attackers to h