The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date | Fixed Release |
|---|---|---|---|---|
| CVE-2017-7544 | libexif through 0.6.21 is vulnerable to out-of-bounds heap read vulnerability in exif_data_save_data_entry function in libexif/exif-data.c caused by improper length computation of the allocated data of an ExifMnote entry which can cause denial-of-service or possibly information disclosure. | MEDIUM | Sep 21, 2017 | 10.17.41.5 (Wind River Linux LTS 17) |
| CVE-2017-14729 | The *_get_synthetic_symtab functions in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, do not ensure a unique PLT entry for a symbol, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted ELF file, related to elf32-i386.c and elf64-x86-64.c. | MEDIUM | Sep 25, 2017 | 10.17.41.8 (Wind River Linux LTS 17) |
| CVE-2017-1000252 | The KVM subsystem in the Linux kernel through 4.13.3 allows guest OS users to cause a denial of service (assertion failure, and hypervisor hang or crash) via an out-of bounds guest_irq value, related to arch/x86/kvm/vmx.c and virt/kvm/eventfd.c. | LOW | Sep 26, 2017 | 10.17.41.2 (Wind River Linux LTS 17) |
| CVE-2017-12154 | The prepare_vmcs02 function in arch/x86/kvm/vmx.c in the Linux kernel through 4.13.3 does not ensure that the CR8-load exiting and CR8-store exiting L0 vmcs02 controls exist in cases where L1 omits the use TPR shadow vmcs12 control, which allows KVM L2 guest OS users to obtain read and write access to the hardware CR8 register. | LOW | Sep 26, 2017 | 10.17.41.2 (Wind River Linux LTS 17) |
| CVE-2017-14745 | The *_get_synthetic_symtab functions in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, interpret a -1 value as a sorting count instead of an error flag, which allows remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact via a crafted ELF file, related to elf32-i386.c and elf64-x86-64.c. | Medium | Sep 29, 2017 | 10.17.41.8 (Wind River Linux LTS 17) |
| CVE-2017-14867 | Git before 2.10.5, 2.11.x before 2.11.4, 2.12.x before 2.12.5, 2.13.x before 2.13.6, and 2.14.x before 2.14.2 uses unsafe Perl scripts to support subcommands such as cvsserver, which allows attackers to execute arbitrary OS commands via shell metacharacters in a module name. The vulnerable code is reachable via git-shell even without CVS support. | HIGH | Sep 30, 2017 | 10.17.41.5 (Wind River Linux LTS 17) |
| CVE-2017-14767 | The sdp_parse_fmtp_config_h264 function in libavformat/rtpdec_h264.c in FFmpeg before 3.3.4 mishandles empty sprop-parameter-sets values, which allows remote attackers to cause a denial of service (heap buffer overflow) or possibly have unspecified other impact via a crafted sdp file. | Medium | Oct 3, 2017 | 10.17.41.5 (Wind River Linux LTS 17) |
| CVE-2017-14930 | Memory leak in decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file. | High | Oct 3, 2017 | 10.17.41.7 (Wind River Linux LTS 17) |
| CVE-2017-14932 | decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite loop) via a crafted ELF file. | Medium | Oct 3, 2017 | 10.17.41.7 (Wind River Linux LTS 17) |
| CVE-2017-14938 | _bfd_elf_slurp_version_tables in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted ELF file. | Medium | Oct 3, 2017 | 10.17.41.7 (Wind River Linux LTS 17) |
| CVE-2017-14939 | decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles a length calculation, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to read_1_byte. | Medium | Oct 3, 2017 | 10.17.41.7 (Wind River Linux LTS 17) |
| CVE-2017-14940 | scan_unit_for_symbols in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file. | Medium | Oct 3, 2017 | 10.17.41.7 (Wind River Linux LTS 17) |
| CVE-2017-15018 | LAME 3.99.5 has a heap-based buffer over-read when handling a malformed file in k_34_4 in vbrquantize.c. | MEDIUM | Oct 4, 2017 | 10.17.41.13 (Wind River Linux LTS 17) |
| CVE-2017-15019 | LAME 3.99.5 has a NULL Pointer Dereference in the hip_decode_init function within libmp3lame/mpglib_interface.c via a malformed mpg file, because of an incorrect calloc call. | MEDIUM | Oct 4, 2017 | 10.17.41.13 (Wind River Linux LTS 17) |
| CVE-2017-15020 | dwarf1.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles pointers, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted ELF file, related to parse_die and parse_line_table, as demonstrated by a parse_die heap-based buffer over-read. | MEDIUM | Oct 4, 2017 | 10.17.41.8 (Wind River Linux LTS 17) |
| CVE-2017-15021 | bfd_get_debug_link_info_1 in opncls.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to bfd_getl32. | MEDIUM | Oct 4, 2017 | 10.17.41.8 (Wind River Linux LTS 17) |
| CVE-2017-15022 | dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, does not validate the DW_AT_name data type, which allows remote attackers to cause a denial of service (bfd_hash_hash NULL pointer dereference, or out-of-bounds access, and application crash) via a crafted ELF file, related to scan_unit_for_symbols and parse_comp_unit. | MEDIUM | Oct 4, 2017 | 10.17.41.7 (Wind River Linux LTS 17) |
| CVE-2017-15023 | read_formatted_entries in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, does not properly validate the format count, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file, related to concat_filename. | MEDIUM | Oct 4, 2017 | 10.17.41.7 (Wind River Linux LTS 17) |
| CVE-2017-15024 | find_abstract_instance_name in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite recursion and application crash) via a crafted ELF file. | MEDIUM | Oct 4, 2017 | 10.17.41.7 (Wind River Linux LTS 17) |
| CVE-2017-15025 | decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted ELF file. | MEDIUM | Oct 4, 2017 | 10.17.41.7 (Wind River Linux LTS 17) |
| CVE-2017-14974 | The *_get_synthetic_symtab functions in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandle the failure of a certain canonicalization step, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file, related to elf32-i386.c and elf64-x86-64.c. | Medium | Oct 5, 2017 | 10.17.41.8 (Wind River Linux LTS 17) |
| CVE-2017-15045 | LAME 3.99.5 has a heap-based buffer over-read in fill_buffer in libmp3lame/util.c, related to lame_encode_buffer_sample_t in libmp3lame/lame.c, a different vulnerability than CVE-2017-9410. | MEDIUM | Oct 6, 2017 | 10.17.41.13 (Wind River Linux LTS 17) |
| CVE-2017-15046 | LAME 3.99.5 has a stack-based buffer overflow in unpack_read_samples in frontend/get_audio.c, a different vulnerability than CVE-2017-9412. | MEDIUM | Oct 6, 2017 | 10.17.41.13 (Wind River Linux LTS 17) |
| CVE-2017-14991 | The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel before 4.13.4 allows local users to obtain sensitive information from uninitialized kernel heap-memory locations via an SG_GET_REQUEST_TABLE ioctl call for /dev/sg0. | LOW | Oct 7, 2017 | 10.17.41.2 (Wind River Linux LTS 17) |
| CVE-2017-1000254 | libcurl may read outside of a heap allocated buffer when doing FTP. When libcurl connects to an FTP server and successfully logs in (anonymous or not), it asks the server for the current directory with the `PWD` command. The server then responds with a 257 response containing the path, inside double quotes. The returned path name is then kept by libcurl for subsequent uses. Due to a flaw in the string parser for this directory name, a directory name passed like this but without a closing double quote would lead to libcurl not adding a trailing NUL byte to the buffer holding the name. When libcurl would then later access the string, it could read beyond the allocated heap buffer and crash or wrongly access data beyond the buffer, thinking it was part of the path. A malicious server could abuse this fact and effectively prevent libcurl-based clients to work with it - the PWD command is always issued on new FTP connections and the mistake has a high chance of causing a segfault. The simple fact that this has issue remained undiscovered for this long could suggest that malformed PWD responses are rare in benign servers. We are not aware of any exploit of this flaw. This bug was introduced in commit [415d2e7cb7](https://github.com/curl/curl/commit/415d2e7cb7), March 2005. In libcurl version 7.56.0, the parser always zero terminates the string but also rejects it if not terminated properly with a final double quote. | MEDIUM | Oct 9, 2017 | 10.17.41.5 (Wind River Linux LTS 17) |
| CVE-2017-13721 | In X.Org Server (aka xserver and xorg-server) before 1.19.4, an attacker authenticated to an X server with the X shared memory extension enabled can cause aborts of the X server or replace shared memory segments of other X clients in the same session. | LOW | Oct 9, 2017 | 10.17.41.5 (Wind River Linux LTS 17) |
| CVE-2017-13723 | In X.Org Server (aka xserver and xorg-server) before 1.19.4, a local attacker authenticated to the X server could overflow a global buffer, causing crashes of the X server or potentially other problems by injecting large or malformed XKB related atoms and accessing them via xkbcomp. | MEDIUM | Oct 9, 2017 | 10.17.41.5 (Wind River Linux LTS 17) |
| CVE-2017-15038 | Race condition in the v9fs_xattrwalk function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS users to obtain sensitive information from host heap memory via vectors related to reading extended attributes. | LOW | Oct 9, 2017 | 10.17.41.5 (Wind River Linux LTS 17) |
| CVE-2017-14933 | read_formatted_entries in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite loop) via a crafted ELF file. | Medium | Oct 10, 2017 | 10.17.41.7 (Wind River Linux LTS 17) |
| CVE-2017-14934 | process_debug_info in dwarf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite loop) via a crafted ELF file that contains a negative size value in a CU structure. | Medium | Oct 10, 2017 | 10.17.41.7 (Wind River Linux LTS 17) |
| CVE-2017-15225 | _bfd_dwarf2_cleanup_debug_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (memory leak) via a crafted ELF file. | MEDIUM | Oct 10, 2017 | 10.17.41.7 (Wind River Linux LTS 17) |
| CVE-2017-12188 | arch/x86/kvm/mmu.c in the Linux kernel through 4.13.5, when nested virtualisation is used, does not properly traverse guest pagetable entries to resolve a guest virtual address, which allows L1 guest OS users to execute arbitrary code on the host OS or cause a denial of service (incorrect index during page walking, and host OS crash), aka an MMU potential stack buffer overrun. | MEDIUM | Oct 11, 2017 | 10.17.41.2 (Wind River Linux LTS 17) |
| CVE-2017-12192 | A vulnerability was found in the Key Management sub component of the Linux kernel, where when trying to issue a KEYTCL_READ on negative key would lead to a NULL pointer dereference. A local attacker could use this flaw to crash the kernel. | MEDIUM | Oct 11, 2017 | 10.17.41.2 (Wind River Linux LTS 17) |
| CVE-2017-13720 | In the PatternMatch function in fontfile/fontdir.c in libXfont through 1.5.2 and 2.x before 2.0.2, an attacker with access to an X connection can cause a buffer over-read during pattern matching of fonts, leading to information disclosure or a crash (denial of service). This occurs because \'\\0\' characters are incorrectly skipped in situations involving ? characters. | LOW | Oct 11, 2017 | 10.17.41.5 (Wind River Linux LTS 17) |
| CVE-2017-13722 | In the pcfGetProperties function in bitmap/pcfread.c in libXfont through 1.5.2 and 2.x before 2.0.2, a missing boundary check (for PCF files) could be used by local attackers authenticated to an Xserver for a buffer over-read, for information disclosure or a crash of the X server. | LOW | Oct 11, 2017 | 10.17.41.5 (Wind River Linux LTS 17) |
| CVE-2017-2888 | An exploitable integer overflow vulnerability exists when creating a new RGB Surface in SDL 2.0.5. A specially crafted file can cause an integer overflow resulting in too little memory being allocated which can lead to a buffer overflow and potential code execution. An attacker can provide a specially crafted image file to trigger this vulnerability. | MEDIUM | Oct 11, 2017 | 10.17.41.15 (Wind River Linux LTS 17) |
| CVE-2017-15268 | Qemu through 2.10.0 allows remote attackers to cause a memory leak by triggering slow data-channel read operations, related to io/channel-websock.c. | MEDIUM | Oct 12, 2017 | 10.17.41.5 (Wind River Linux LTS 17) |
| CVE-2017-15286 | SQLite 3.20.1 has a NULL pointer dereference in tableColumnList in shell.c because it fails to consider certain cases where `sqlite3_step(pStmt)==SQLITE_ROW` is false and a data structure is never initialized. | MEDIUM | Oct 12, 2017 | 10.17.41.8 (Wind River Linux LTS 17) |
| CVE-2017-15298 | Git through 2.14.2 mishandles layers of tree objects, which allows remote attackers to cause a denial of service (memory consumption) via a crafted repository, aka a Git bomb. This can also have an impact of disk consumption; however, an affected process typically would not survive its attempt to build the data structure in memory before writing to disk. | MEDIUM | Oct 14, 2017 | 10.17.41.16 (Wind River Linux LTS 17) |
| CVE-2017-15299 | The KEYS subsystem in the Linux kernel through 4.13.7 mishandles use of add_key for a key that already exists but is uninstantiated, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted system call. | MEDIUM | Oct 14, 2017 | 10.17.41.3 (Wind River Linux LTS 17) |
| CVE-2017-14952 | Double free in i18n/zonemeta.cpp in International Components for Unicode (ICU) for C/C++ through 59.1 allows remote attackers to execute arbitrary code via a crafted string, aka a redundant UVector entry clean up function call issue. | HIGH | Oct 16, 2017 | 10.17.41.13 (Wind River Linux LTS 17) |
| CVE-2017-13077 | Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the pairwise key in the four-way handshake. | MEDIUM | Oct 16, 2017 | 10.17.41.1 (Wind River Linux LTS 17) |
| CVE-2017-13078 | Wi-Fi Protected Access (WPA and WPA2) allowsreinstallation of the group key in the Four-way handshake. | LOW | Oct 16, 2017 | 10.17.41.1 (Wind River Linux LTS 17) |
| CVE-2017-13079 | Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the integrity group key in the Four-way handshake. | LOW | Oct 16, 2017 | 10.17.41.1 (Wind River Linux LTS 17) |
| CVE-2017-13080 | Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the group key in the Group Key handshake. | LOW | Oct 16, 2017 | 10.17.41.25 (Wind River Linux LTS 17) |
| CVE-2017-13081 | Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the integrity group key in the Group Key handshake. | LOW | Oct 16, 2017 | 10.17.41.1 (Wind River Linux LTS 17) |
| CVE-2017-13082 | Wi-Fi Protected Access (WPA and WPA2) accepting a retransmitted Fast BSS Transition Reassociation Request and reinstalling the pairwise key while processing it. | MEDIUM | Oct 16, 2017 | 10.17.41.1 (Wind River Linux LTS 17) |
| CVE-2017-13086 | Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Tunneled Direct-Link Setup (TDLS) PeerKey (TPK) key in the TDLS handshake. | MEDIUM | Oct 16, 2017 | 10.17.41.1 (Wind River Linux LTS 17) |
| CVE-2017-13087 | Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the group key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame. | LOW | Oct 16, 2017 | 10.17.41.1 (Wind River Linux LTS 17) |
| CVE-2017-13088 | Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the integrity group key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame. | LOW | Oct 16, 2017 | 10.17.41.1 (Wind River Linux LTS 17) |
