Skip to main content
CVE-2017-9757 HIGH POC THREAT Act Now

IPFire 2.19 has a Remote Command Injection vulnerability in ids.cgi via the OINKCODE parameter, which is mishandled by a shell. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 77.9%.

CSRF Command Injection Ipfire
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
77.9%
Threat
5.6
CVE-2017-1000364 HIGH POC Act Now

An issue was discovered in the size of the stack guard page on Linux, specifically a 4k stack guard page is not sufficiently large and can be "jumped" over (the stack guard page is bypassed), this. Rated high severity (CVSS 7.4), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

Buffer Overflow Linux Linux Kernel
NVD Exploit-DB
CVSS 3.0
7.4
EPSS
3.1%
CVE-2017-1000366 HIGH POC PATCH This Week

glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow RCE Enterprise Linux Enterprise Linux Desktop Enterprise Linux Server +17
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
8.9%
CVE-2017-9759 HIGH POC This Week

SQL Injection exists in admin/index.php in Zenbership 1.0.8 via the filters array parameter, exploitable by a privileged account. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Zenbership
NVD
CVSS 3.0
8.8
EPSS
0.3%
CVE-2017-9749 HIGH POC PATCH This Week

The *regs* macros in opcodes/bfin-dis.c in GNU Binutils 2.28 allow remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Binutils
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
4.3%
CVE-2017-9746 HIGH POC PATCH This Week

The disassemble_bytes function in objdump.c in GNU Binutils 2.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Binutils
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
4.3%
CVE-2017-9750 HIGH POC PATCH This Week

opcodes/rx-decode.opc in GNU Binutils 2.28 lacks bounds checks for certain scale arrays, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Binutils
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
2.4%
CVE-2017-1000371 HIGH POC This Week

The offset2lib patch as used by the Linux Kernel contains a vulnerability, if RLIMIT_STACK is set to RLIM_INFINITY and 1 Gigabyte of memory is allocated (the maximum under the 1/4 restriction) then. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Linux Information Disclosure Linux Kernel
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
2.2%
CVE-2017-9748 HIGH POC PATCH This Week

The ieee_object_p function in bfd/ieee.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, might allow remote attackers to cause a denial of service. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Binutils
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
1.7%
CVE-2017-9747 HIGH POC PATCH This Week

The ieee_archive_p function in bfd/ieee.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, might allow remote attackers to cause a denial of service. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Binutils
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
1.7%
CVE-2017-9742 HIGH POC PATCH This Week

The score_opcodes function in opcodes/score7-dis.c in GNU Binutils 2.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Binutils
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
1.7%
CVE-2017-1000370 HIGH POC This Week

The offset2lib patch as used in the Linux Kernel contains a vulnerability that allows a PIE binary to be execve()'ed with 1GB of arguments or environmental strings then the stack occupies the address. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Linux Information Disclosure Linux Kernel
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
1.7%
CVE-2017-9756 HIGH POC PATCH This Week

The aarch64_ext_ldst_reglist function in opcodes/aarch64-dis.c in GNU Binutils 2.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Binutils
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
1.3%
CVE-2017-1000379 HIGH POC This Week

The Linux Kernel running on AMD64 systems will sometimes map the contents of PIE executable, the heap or ld.so to where the stack is mapped allowing attackers to more easily manipulate the stack. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Linux Information Disclosure Linux Kernel
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.7%
CVE-2017-9753 HIGH PATCH This Week

The versados_mkobject function in bfd/versados.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, does not initialize a certain data structure, which. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Denial Of Service Binutils
NVD
CVSS 3.0
7.8
EPSS
1.4%
CVE-2017-9743 HIGH PATCH This Week

The print_insn_score32 function in opcodes/score7-dis.c:552 in GNU Binutils 2.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Denial Of Service Binutils
NVD
CVSS 3.0
7.8
EPSS
1.3%
CVE-2017-9755 HIGH PATCH This Week

opcodes/i386-dis.c in GNU Binutils 2.28 does not consider the number of registers for bnd mode, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Denial Of Service Binutils
NVD
CVSS 3.0
7.8
EPSS
1.2%
CVE-2017-9751 HIGH PATCH This Week

opcodes/rl78-decode.opc in GNU Binutils 2.28 has an unbounded GETBYTE macro, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Denial Of Service Binutils
NVD
CVSS 3.0
7.8
EPSS
1.2%
CVE-2017-9754 HIGH PATCH This Week

The process_otr function in bfd/versados.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, does not validate a certain offset, which allows remote. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Denial Of Service Binutils
NVD
CVSS 3.0
7.8
EPSS
1.1%
CVE-2017-9744 HIGH PATCH This Week

The sh_elf_set_mach_from_flags function in bfd/elf32-sh.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Denial Of Service Binutils
NVD
CVSS 3.0
7.8
EPSS
1.1%
CVE-2017-9745 HIGH PATCH This Week

The _bfd_vms_slurp_etir function in bfd/vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Denial Of Service Binutils
NVD
CVSS 3.0
7.8
EPSS
1.1%
CVE-2017-9752 HIGH PATCH This Week

bfd/vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (buffer overflow and application. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Denial Of Service Binutils
NVD
CVSS 3.0
7.8
EPSS
1.0%
CVE-2017-1000365 HIGH This Week

The Linux Kernel imposes a size restriction on the arguments and environmental strings passed through RLIMIT_STACK/RLIM_INFINITY (1/4 of the size), but does not take the argument and environment. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Linux Authentication Bypass Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2017-4985 HIGH This Week

In EMC VNX2 versions prior to OE for File 8.1.9.211 and VNX1 versions prior to OE for File 7.1.80.8, a local authenticated user may potentially escalate their privileges to root due to authorization. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Vnx2 Firmware Vnx1 Firmware
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-9763 HIGH PATCH This Week

The grub_ext2_read_block function in fs/ext2.c in GNU GRUB before 2013-11-12, as used in shlr/grub/fs/ext2.c in radare2 1.5.0, allows remote attackers to cause a denial of service (excessive stack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Denial Of Service Radare2
NVD GitHub
CVSS 3.0
7.5
EPSS
1.4%
CVE-2017-1000376 HIGH This Week

libffi requests an executable stack allowing attackers to more easily trigger arbitrary code execution by overwriting the stack. Rated high severity (CVSS 7.0). No vendor patch available.

Buffer Overflow RCE Enterprise Virtualization Server Openshift Enterprise Linux +3
NVD
CVSS 3.1
7.0
EPSS
2.4%
CVE-2017-4987 HIGH This Week

In EMC VNX2 versions prior to OE for File 8.1.9.211 and VNX1 versions prior to OE for File 7.1.80.8, a local authenticated user can load a maliciously crafted file in the search path which may. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

RCE Vnx2 Firmware Vnx1 Firmware
NVD
CVSS 3.0
7.3
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy