Log

CVE-2017-16548 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Remote
Type
+ Denial of service
Description
+ The receive_xattr function in xattrs.c in rsync 3.1.2 and 3.1.3-development does not check for a trailing '\0' character in an xattr name, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact by sending crafted data to the daemon.
References
+ https://git.samba.org/?p=rsync.git;a=commitdiff;h=47a63d90e71d3e19e0e96052bb8c6b9cb140ecc1
Notes
CVE-2017-16612 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ It was discovered that libxcursor before 1.1.15 is vulnerable to heap overflows due to an integer overflow while parsing images and a signedness issue while parsing comments. An attacker could use local privileges or trick a user into parsing a malicious file to cause libxcursor to crash, resulting in a denial of service, or possibly execute arbitrary code.
References
+ http://openwall.com/lists/oss-security/2017/11/28/6
+ https://cgit.freedesktop.org/xorg/lib/libXcursor/commit/?id=4794b5dd34688158fb51a2943032569d3780c4b8
+ https://marc.info/?l=freedesktop-xorg-announce&m=151188036018262&w=2
Notes
CVE-2017-16641 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Remote
Type
+ Arbitrary command execution
Description
+ lib/rrd.php in Cacti 1.1.27 allows remote authenticated administrators to execute arbitrary OS commands via the path_rrdtool parameter in an action=save request to settings.php.
References
+ https://github.com/Cacti/cacti/commit/e8088bb6593e6a49d000c342d17402f01db8740e
Notes
CVE-2017-16643 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Local
Type
+ Denial of service
Description
+ The parse_hid_report_descriptor function in drivers/input/tablet/gtco.c in the Linux kernel before 4.13.11 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device. The issue occurs because parse_hid_report_descriptor() has a while (i < length) loop, which only guarantees that there's at least 1 byte in the buffer, but the loop body can read multiple bytes which causes out-of-bounds access.
References
+ https://groups.google.com/forum/#!topic/syzkaller/McWFcOsA47Y
+ https://git.kernel.org/linus/a50829479f58416a013a4ccca791336af3c584c7
Notes
CVE-2017-16644 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Local
Type
+ Denial of service
Description
+ The hdpvr_probe function in drivers/media/usb/hdpvr/hdpvr-core.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (improper error handling and system crash) or possibly have unspecified other impact via a crafted USB device.
References
+ https://groups.google.com/forum/#!topic/syzkaller/ngC5SLvxPm4
+ https://patchwork.kernel.org/patch/9966135/
+ https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c0f71bbb810237a38734607ca4599632f7f5d47f
Notes
+ Fixed in 4.16
CVE-2017-16645 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Local
Type
+ Denial of service
Description
+ The ims_pcu_get_cdc_union_desc function in drivers/input/misc/ims-pcu.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (ims_pcu_parse_cdc_data out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device.
References
+ https://groups.google.com/forum/#!topic/syzkaller/q6jjr1OhqO8
+ https://git.kernel.org/linus/ea04efee7635c9120d015dcdeeeb6988130cb67a
Notes
CVE-2017-16646 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Local
Type
+ Denial of service
Description
+ drivers/media/usb/dvb-usb/dib0700_devices.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (BUG and system crash) or possibly have unspecified other impact via a crafted USB device.
References
+ https://groups.google.com/forum/#!topic/syzkaller/-d6ilzbVu_g
+ https://git.kernel.org/linus/eb0c19942288569e0ae492476534d5a485fb8ab4
Notes
CVE-2017-16647 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Local
Type
+ Denial of service
Description
+ drivers/net/usb/asix_devices.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device.
References
+ https://groups.google.com/forum/#!topic/syzkaller/_9a6pd-p_0E
+ https://git.kernel.org/linus/8f5624629105589bcc23d0e51cc01bd8103d09a5
Notes
CVE-2017-16648 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Local
Type
+ Privilege escalation
Description
+ The dvb_frontend_free function in drivers/media/dvb-core/dvb_frontend.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device.
References
+ https://groups.google.com/forum/#!topic/syzkaller/0HJQqTm0G_g
+ https://git.kernel.org/linus/b1cb7372fa822af6c06c8045963571d13ad6348b
Notes
+ the function was later renamed __dvb_frontend_free.
CVE-2017-16649 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Local
Type
+ Denial of service
Description
+ The usbnet_generic_cdc_bind function in drivers/net/usb/cdc_ether.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (divide-by-zero error and system crash) or possibly have unspecified other impact via a crafted USB device.
References
+ https://groups.google.com/forum/#!topic/syzkaller/0e0gmaX9R0g
+ https://git.kernel.org/linus/2cb80187ba065d7decad7c6614e35e07aec8a974
Notes