The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
ID | Description | Priority | Modified date | Fixed Release |
---|---|---|---|---|
CVE-2017-12190 | The bio_map_user_iov and bio_unmap_user functions in block/bio.c in the Linux kernel before 4.13.8 do unbalanced refcounting when a SCSI I/O vector has small consecutive buffers belonging to the same page. The bio_add_pc_page function merges them into one, but the page reference is never dropped. This causes a memory leak and possible system lockup (exploitable against the host OS by a guest OS user, if a SCSI disk is passed through to a virtual machine) due to an out-of-memory condition. | MEDIUM | Nov 22, 2017 | 10.17.41.5 (Wind River Linux LTS 17) |
CVE-2017-12188 | arch/x86/kvm/mmu.c in the Linux kernel through 4.13.5, when nested virtualisation is used, does not properly traverse guest pagetable entries to resolve a guest virtual address, which allows L1 guest OS users to execute arbitrary code on the host OS or cause a denial of service (incorrect index during page walking, and host OS crash), aka an MMU potential stack buffer overrun. | MEDIUM | Oct 11, 2017 | 10.17.41.2 (Wind River Linux LTS 17) |
CVE-2017-12187 | xorg-x11-server before 1.19.5 was missing length validation in RENDER extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | HIGH | Jan 24, 2018 | 10.17.41.4 (Wind River Linux LTS 17) |
CVE-2017-12186 | xorg-x11-server before 1.19.5 was missing length validation in X-Resource extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | HIGH | Jan 24, 2018 | 10.17.41.4 (Wind River Linux LTS 17) |
CVE-2017-12185 | xorg-x11-server before 1.19.5 was missing length validation in MIT-SCREEN-SAVER extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | HIGH | Jan 24, 2018 | 10.17.41.4 (Wind River Linux LTS 17) |
CVE-2017-12184 | xorg-x11-server before 1.19.5 was missing length validation in XINERAMA extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | HIGH | Jan 24, 2018 | 10.17.41.4 (Wind River Linux LTS 17) |
CVE-2017-12183 | xorg-x11-server before 1.19.5 was missing length validation in XFIXES extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | HIGH | Jan 24, 2018 | 10.17.41.4 (Wind River Linux LTS 17) |
CVE-2017-12182 | xorg-x11-server before 1.19.5 was missing length validation in XFree86 DRI extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | HIGH | Jan 24, 2018 | 10.17.41.4 (Wind River Linux LTS 17) |
CVE-2017-12181 | xorg-x11-server before 1.19.5 was missing length validation in XFree86 DGA extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | HIGH | Jan 24, 2018 | 10.17.41.4 (Wind River Linux LTS 17) |
CVE-2017-12180 | xorg-x11-server before 1.19.5 was missing length validation in XFree86 VidModeExtension allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | HIGH | Jan 24, 2018 | 10.17.41.4 (Wind River Linux LTS 17) |
CVE-2017-12179 | xorg-x11-server before 1.19.5 was vulnerable to integer overflow in (S)ProcXIBarrierReleasePointer functions allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | HIGH | Jan 24, 2018 | 10.17.41.4 (Wind River Linux LTS 17) |
CVE-2017-12178 | xorg-x11-server before 1.19.5 had wrong extra length check in ProcXIChangeHierarchy function allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | HIGH | Jan 24, 2018 | 10.17.41.4 (Wind River Linux LTS 17) |
CVE-2017-12177 | xorg-x11-server before 1.19.5 was vulnerable to integer overflow in ProcDbeGetVisualInfo function allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | HIGH | Jan 24, 2018 | 10.17.41.4 (Wind River Linux LTS 17) |
CVE-2017-12176 | xorg-x11-server before 1.19.5 was missing extra length validation in ProcEstablishConnection function allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | HIGH | Jan 24, 2018 | 10.17.41.4 (Wind River Linux LTS 17) |
CVE-2017-12172 | PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, 9.4.x before 9.4.15, 9.3.x before 9.3.20, and 9.2.x before 9.2.24 runs under a non-root operating system account, and database superusers have effective ability to run arbitrary code under that system account. PostgreSQL provides a script for starting the database server during system boot. Packages of PostgreSQL for many operating systems provide their own, packager-authored startup implementations. Several implementations use a log file name that the database superuser can replace with a symbolic link. As root, they open(), chmod() and/or chown() this log file name. This often suffices for the database superuser to escalate to root privileges when root starts the server. | HIGH | Nov 22, 2017 | 10.17.41.4 (Wind River Linux LTS 17) |
CVE-2017-12163 | An information leak flaw was found in the way SMB1 protocol was implemented by Samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8. A malicious client could use this flaw to dump server memory contents to a file on the samba share or to a shared printer, though the exact area of server memory cannot be controlled by the attacker. | MEDIUM | Nov 8, 2017 | 10.17.41.4 (Wind River Linux LTS 17) |
CVE-2017-12154 | The prepare_vmcs02 function in arch/x86/kvm/vmx.c in the Linux kernel through 4.13.3 does not ensure that the CR8-load exiting and CR8-store exiting L0 vmcs02 controls exist in cases where L1 omits the use TPR shadow vmcs12 control, which allows KVM L2 guest OS users to obtain read and write access to the hardware CR8 register. | LOW | Sep 26, 2017 | 10.17.41.2 (Wind River Linux LTS 17) |
CVE-2017-12153 | A security flaw was discovered in the nl80211_set_rekey_data() function in net/wireless/nl80211.c in the Linux kernel through 4.13.3. This function does not check whether the required attributes are present in a Netlink request. This request can be issued by a user with the CAP_NET_ADMIN capability and may result in a NULL pointer dereference and system crash. | MEDIUM | Sep 21, 2017 | 10.17.41.2 (Wind River Linux LTS 17) |
CVE-2017-12151 | A flaw was found in the way samba client before samba 4.4.16, samba 4.5.14 and samba 4.6.8 used encryption with the max protocol set as SMB3. The connection could lose the requirement for signing and encrypting to any DFS redirects, allowing an attacker to read or alter the contents of the connection via a man-in-the-middle attack. | MEDIUM | Nov 8, 2017 | 10.17.41.4 (Wind River Linux LTS 17) |
CVE-2017-12150 | It was found that samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8 did not enforce SMB signing when certain configuration options were enabled. A remote attacker could launch a man-in-the-middle attack and retrieve information in plain-text. | MEDIUM | Nov 8, 2017 | 10.17.41.4 (Wind River Linux LTS 17) |
CVE-2017-11714 | psi/ztoken.c in Artifex Ghostscript 9.21 mishandles references to the scanner state structure, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PostScript document, related to an out-of-bounds read in the igc_reloc_struct_ptr function in psi/igc.c. | Medium | Aug 4, 2017 | 10.17.41.1 (Wind River Linux LTS 17) |
CVE-2017-11613 | In LibTIFF 4.0.8, there is a denial of service vulnerability in the TIFFOpen function. A crafted input will lead to a denial of service attack. During the TIFFOpen process, td_imagelength is not checked. The value of td_imagelength can be directly controlled by an input file. In the ChopUpSingleUncompressedStrip function, the _TIFFCheckMalloc function is called based on td_imagelength. If we set the value of td_imagelength close to the amount of system memory, it will hang the system or trigger the OOM killer. | MEDIUM | Jul 26, 2017 | 10.17.41.11 (Wind River Linux LTS 17) |
CVE-2017-11368 | In MIT Kerberos 5 (aka krb5) 1.7 and later, an authenticated attacker can cause a KDC assertion failure by sending invalid S4U2Self or S4U2Proxy requests. | MEDIUM | Aug 9, 2017 | 10.17.41.1 (Wind River Linux LTS 17) |
CVE-2017-11335 | There is a heap based buffer overflow in tools/tiff2pdf.c of LibTIFF 4.0.8 via a PlanarConfig=Contig image, which causes a more than one hundred bytes out-of-bounds write (related to the ZIPDecode function in tif_zip.c). A crafted input may lead to a remote denial of service attack or an arbitrary code execution attack. | Medium | Jul 20, 2017 | 10.17.41.1 (Wind River Linux LTS 17) |
CVE-2017-11333 | The vorbis_analysis_wrote function in lib/block.c in Xiph.Org libvorbis 1.3.5 allows remote attackers to cause a denial of service (OOM) via a crafted wav file. | Medium | Aug 4, 2017 | 10.17.41.15 (Wind River Linux LTS 17) |
CVE-2017-11185 | The gmp plugin in strongSwan before 5.6.0 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted RSA signature. | MEDIUM | Aug 18, 2017 | 10.17.41.6 (Wind River Linux LTS 17) |
CVE-2017-11111 | In Netwide Assembler (NASM) 2.14rc0, preproc.c allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file. | MEDIUM | Jul 8, 2017 | 10.17.41.3 (Wind River Linux LTS 17) |
CVE-2017-10971 | In the X.Org X server before 2017-06-19, a user authenticated to an X Session could crash or execute code in the context of the X Server by exploiting a stack overflow in the endianness conversion of X Events. | MEDIUM | Jul 6, 2017 | 10.17.41.1 (Wind River Linux LTS 17) |
CVE-2017-10790 | The _asn1_check_identifier function in GNU Libtasn1 through 4.12 causes a NULL pointer dereference and crash when reading crafted input that triggers assignment of a NULL value within an asn1_node structure. It may lead to a remote denial of service attack. | MEDIUM | Jul 1, 2017 | 10.17.41.1 (Wind River Linux LTS 17) |
CVE-2017-10688 | In LibTIFF 4.0.8, there is a assertion abort in the TIFFWriteDirectoryTagCheckedLong8Array function in tif_dirwrite.c. A crafted input will lead to a remote denial of service attack. | Medium | Jul 4, 2017 | 10.17.41.1 (Wind River Linux LTS 17) |
CVE-2017-9936 | In LibTIFF 4.0.8, there is a memory leak in tif_jbig.c. A crafted TIFF document can lead to a memory leak resulting in a remote denial of service attack. | MEDIUM | Jun 26, 2017 | 10.17.41.1 (Wind River Linux LTS 17) |
CVE-2017-9935 | In LibTIFF 4.0.8, there is a heap-based buffer overflow in the t2p_write_pdf function in tools/tiff2pdf.c. This heap overflow could lead to different damages. For example, a crafted TIFF document can lead to an out-of-bounds read in TIFFCleanup, an invalid free in TIFFClose or t2p_free, memory corruption in t2p_readwrite_pdf_image, or a double free in t2p_free. Given these possibilities, it probably could cause arbitrary code execution. | MEDIUM | Jun 26, 2017 | 10.17.41.5 (Wind River Linux LTS 17) |
CVE-2017-9835 | The gs_alloc_ref_array function in psi/ialloc.c in Artifex Ghostscript 9.22 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted PostScript document. This is related to a lack of an integer overflow check in base/gsalloc.c. | MEDIUM | Jul 26, 2017 | 10.17.41.1 (Wind River Linux LTS 17) |
CVE-2017-9814 | cairo-truetype-subset.c in cairo 1.15.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) because of mishandling of an unexpected malloc(0) call. | Medium | Jul 19, 2017 | 10.17.41.1 (Wind River Linux LTS 17) |
CVE-2017-9800 | A maliciously constructed svn+ssh:// URL would cause Subversion clients before 1.8.19, 1.9.x before 1.9.7, and 1.10.0.x through 1.10.0-alpha3 to run an arbitrary shell command. Such a URL could be generated by a malicious server, by a malicious user committing to a honest server (to attack another user of that server\'s repositories), or by a proxy server. The vulnerability affects all clients, including those that use file://, http://, and plain (untunneled) svn://. | HIGH | Aug 12, 2017 | 10.17.41.1 (Wind River Linux LTS 17) |
CVE-2017-9798 | Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user\'s .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. This affects the Apache HTTP Server through 2.2.34 and 2.4.x through 2.4.27. The attacker sends an unauthenticated OPTIONS HTTP request when attempting to read secret data. This is a use-after-free issue and thus secret data is not always sent, and the specific data depends on many factors including configuration. Exploitation with .htaccess can be blocked with a patch to the ap_limit_section function in server/core.c. | MEDIUM | Sep 20, 2017 | 10.17.41.5 (Wind River Linux LTS 17) |
CVE-2017-9778 | GNU Debugger (GDB) 8.0 and earlier fails to detect a negative length field in a DWARF section. A malformed section in an ELF binary or a core file can cause GDB to repeatedly allocate memory until a process limit is reached. This can, for example, impede efforts to analyze malware with GDB. | MEDIUM | Jun 26, 2017 | 10.17.41.20 (Wind River Linux LTS 17) |
CVE-2017-9739 | The Ins_JMPR function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.22 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document. | MEDIUM | Jul 26, 2017 | 10.17.41.1 (Wind River Linux LTS 17) |
CVE-2017-9727 | The gx_ttfReader__Read function in base/gxttfb.c in Artifex Ghostscript GhostXPS 9.22 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document. | MEDIUM | Jul 26, 2017 | 10.17.41.1 (Wind River Linux LTS 17) |
CVE-2017-9726 | The Ins_MDRP function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.22 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document. | MEDIUM | Jul 26, 2017 | 10.17.41.1 (Wind River Linux LTS 17) |
CVE-2017-9612 | The Ins_IP function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.22 allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact via a crafted document. | MEDIUM | Jul 26, 2017 | 10.17.41.1 (Wind River Linux LTS 17) |
CVE-2017-9611 | The Ins_MIRP function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.22 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document. | MEDIUM | Jul 26, 2017 | 10.17.41.1 (Wind River Linux LTS 17) |
CVE-2017-9462 | In Mercurial before 4.1.3, hg serve --stdio allows remote authenticated users to launch the Python debugger, and consequently execute arbitrary code, by using --debugger as a repository name. | HIGH | Jun 8, 2017 | 10.17.41.1 (Wind River Linux LTS 17) |
CVE-2017-9229 | An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A SIGSEGV occurs in left_adjust_char_head() during regular expression compilation. Invalid handling of reg->dmax in forward_search_range() could result in an invalid pointer dereference, normally as an immediate denial-of-service condition. | MEDIUM | Jun 2, 2017 | 10.17.41.1 (Wind River Linux LTS 17) |
CVE-2017-9228 | An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write occurs in bitset_set_range() during regular expression compilation due to an uninitialized variable from an incorrect state transition. An incorrect state transition in parse_char_class() could create an execution path that leaves a critical local variable uninitialized until it\'s used as an index, resulting in an out-of-bounds write memory corruption. | HIGH | Jun 2, 2017 | 10.17.41.1 (Wind River Linux LTS 17) |
CVE-2017-9227 | An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in mbc_enc_len() during regular expression searching. Invalid handling of reg->dmin in forward_search_range() could result in an invalid pointer dereference, as an out-of-bounds read from a stack buffer. | HIGH | Jun 2, 2017 | 10.17.41.1 (Wind River Linux LTS 17) |
CVE-2017-9226 | An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write or read occurs in next_state_val() during regular expression compilation. Octal numbers larger than 0xff are not handled correctly in fetch_token() and fetch_token_in_cc(). A malformed regular expression containing an octal number in the form of \'\\700\' would produce an invalid code point value larger than 0xff in next_state_val(), resulting in an out-of-bounds write memory corruption. | HIGH | Jun 2, 2017 | 10.17.41.1 (Wind River Linux LTS 17) |
CVE-2017-9224 | An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in match_at() during regular expression searching. A logical error involving order of validation and access in match_at() could result in an out-of-bounds read from a stack buffer. | HIGH | Jun 2, 2017 | 10.17.41.1 (Wind River Linux LTS 17) |
CVE-2017-9147 | LibTIFF 4.0.7 has an invalid read in the _TIFFVGetField function in tif_dir.c, which might allow remote attackers to cause a denial of service (crash) via a crafted TIFF file. | MEDIUM | May 22, 2017 | 10.17.41.1 (Wind River Linux LTS 17) |
CVE-2017-9120 | PHP 7.x through 7.1.5 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a long string because of an Integer overflow in mysqli_real_escape_string. | HIGH | Aug 2, 2018 | 10.17.41.27 (Wind River Linux LTS 17) |