Log

CVE-2017-16535 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Local
Type
+ Denial of service
Description
+ The usb_get_bos_descriptor function in drivers/usb/core/config.c in the Linux kernel before 4.13.10 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device.
References
+ https://groups.google.com/forum/#!topic/syzkaller/tzdz2fTB1K0
+ https://github.com/torvalds/linux/commit/1c0edc3633b56000e18d82fc241e3995ca18a69e
Notes
CVE-2017-16536 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Local
Type
+ Denial of service
Description
+ The cx231xx_usb_probe function in drivers/media/usb/cx231xx/cx231xx-cards.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device.
References
+ https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6c3b047fa2d2286d5e438bcb470c7b1a49f415f6
+ https://groups.google.com/forum/#!topic/syzkaller/WlUAVfDvpRk
Notes
CVE-2017-16537 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Local
Type
+ Denial of service
Description
+ The imon_probe function in drivers/media/rc/imon.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device.
References
+ https://groups.google.com/forum/#!topic/syzkaller/bBFN8imrjjo
+ https://patchwork.kernel.org/patch/9994017/
Notes
CVE-2017-16538 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Local
Type
+ Denial of service
Description
+ drivers/media/usb/dvb-usb-v2/lmedm04.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (general protection fault and system crash) or possibly have unspecified other impact via a crafted USB device, related to a missing warm-start check and incorrect attach timing (dm04_lme2510_frontend_attach versus dm04_lme2510_tuner).
References
+ https://groups.google.com/forum/#!topic/syzkaller/XwNidsl4X04
+ https://patchwork.linuxtv.org/patch/44566/
+ https://patchwork.linuxtv.org/patch/44567/
Notes
CVE-2017-16544 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Local
Type
+ Arbitrary code execution
Description
+ In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2, the tab autocomplete feature of the shell, used to get a list of filenames in a directory, does not sanitize filenames and results in executing any escape sequence in the terminal. This could potentially result in code execution, arbitrary file writes, or other attacks.
References
+ https://git.busybox.net/busybox/commit/?id=c3797d40a1c57352192c6106cc0f435e7d9c11e8
+ https://www.twistlock.com/2017/11/20/cve-2017-16544-busybox-autocompletion-vulnerability/
Notes
CVE-2017-16547 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Denial of service
Description
+ The DrawImage function in magick/render.c in GraphicsMagick before 1.3.27 does not properly look for pop keywords that are associated with push keywords, which allows remote attackers to cause a denial of service (negative strncpy and application crash) or possibly have unspecified other impact via a crafted file.
References
+ https://sourceforge.net/p/graphicsmagick/bugs/517/
+ http://hg.code.sf.net/p/graphicsmagick/code/rev/785758bbbfcc
Notes
CVE-2017-16548 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Remote
Type
+ Denial of service
Description
+ The receive_xattr function in xattrs.c in rsync 3.1.2 and 3.1.3-development does not check for a trailing '\0' character in an xattr name, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact by sending crafted data to the daemon.
References
+ https://git.samba.org/?p=rsync.git;a=commitdiff;h=47a63d90e71d3e19e0e96052bb8c6b9cb140ecc1
Notes
CVE-2017-16612 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ It was discovered that libxcursor before 1.1.15 is vulnerable to heap overflows due to an integer overflow while parsing images and a signedness issue while parsing comments. An attacker could use local privileges or trick a user into parsing a malicious file to cause libxcursor to crash, resulting in a denial of service, or possibly execute arbitrary code.
References
+ http://openwall.com/lists/oss-security/2017/11/28/6
+ https://cgit.freedesktop.org/xorg/lib/libXcursor/commit/?id=4794b5dd34688158fb51a2943032569d3780c4b8
+ https://marc.info/?l=freedesktop-xorg-announce&m=151188036018262&w=2
Notes
CVE-2017-16641 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Remote
Type
+ Arbitrary command execution
Description
+ lib/rrd.php in Cacti 1.1.27 allows remote authenticated administrators to execute arbitrary OS commands via the path_rrdtool parameter in an action=save request to settings.php.
References
+ https://github.com/Cacti/cacti/commit/e8088bb6593e6a49d000c342d17402f01db8740e
Notes
CVE-2017-16643 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Local
Type
+ Denial of service
Description
+ The parse_hid_report_descriptor function in drivers/input/tablet/gtco.c in the Linux kernel before 4.13.11 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device. The issue occurs because parse_hid_report_descriptor() has a while (i < length) loop, which only guarantees that there's at least 1 byte in the buffer, but the loop body can read multiple bytes which causes out-of-bounds access.
References
+ https://groups.google.com/forum/#!topic/syzkaller/McWFcOsA47Y
+ https://git.kernel.org/linus/a50829479f58416a013a4ccca791336af3c584c7
Notes