Skip to main content
CVE-2017-16541 MEDIUM POC This Month

Tor Browser before 7.0.9 on macOS and Linux allows remote attackers to bypass the intended anonymity feature and discover a client IP address via vectors involving a crafted web site that leverages. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Apple Mozilla Information Disclosure Tor Enterprise Linux Desktop +6
NVD
CVSS 3.1
6.5
EPSS
7.7%
CVE-2017-16540 HIGH POC PATCH This Week

OpenEMR before 5.0.0 Patch 5 allows unauthenticated remote database copying because setup.php exposes functionality for cloning an existing OpenEMR site to an arbitrary attacker-controlled MySQL. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP Information Disclosure Openemr
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2017-16526 HIGH PATCH This Week

drivers/uwb/uwbd.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service (general protection fault and system crash) or possibly have unspecified other impact via a. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Denial Of Service Linux Linux Kernel Ubuntu Linux +1
NVD GitHub
CVSS 3.1
7.8
EPSS
0.1%
CVE-2017-16534 MEDIUM PATCH This Month

The cdc_parse_cdc_header function in drivers/usb/core/message.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Denial Of Service Linux Linux Kernel
NVD GitHub
CVSS 3.1
6.8
EPSS
0.1%
CVE-2017-16529 MEDIUM PATCH This Month

The snd_usb_create_streams function in sound/usb/card.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity.

Buffer Overflow Denial Of Service Linux Information Disclosure Linux Kernel +2
NVD GitHub
CVSS 3.1
6.6
EPSS
0.1%
CVE-2017-16527 MEDIUM PATCH This Month

sound/usb/mixer.c in the Linux kernel before 4.13.8 allows local users to cause a denial of service (snd_usb_mixer_interrupt use-after-free and system crash) or possibly have unspecified other impact. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Denial Of Service Memory Corruption Linux Use After Free Linux Kernel +2
NVD GitHub
CVSS 3.1
6.6
EPSS
0.1%
CVE-2017-16533 MEDIUM PATCH This Month

The usbhid_parse function in drivers/hid/usbhid/hid-core.c in the Linux kernel before 4.13.8 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity.

Buffer Overflow Denial Of Service Linux Information Disclosure Linux Kernel +2
NVD GitHub
CVSS 3.1
6.6
EPSS
0.1%
CVE-2017-16528 MEDIUM PATCH This Month

sound/core/seq_device.c in the Linux kernel before 4.13.4 allows local users to cause a denial of service (snd_rawmidi_dev_seq_free use-after-free and system crash) or possibly have unspecified other. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Denial Of Service Memory Corruption Linux Use After Free Linux Kernel +1
NVD GitHub
CVSS 3.1
6.6
EPSS
0.1%
CVE-2017-16535 MEDIUM PATCH This Month

The usb_get_bos_descriptor function in drivers/usb/core/config.c in the Linux kernel before 4.13.10 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity.

Buffer Overflow Denial Of Service Linux Information Disclosure Linux Kernel
NVD GitHub
CVSS 3.0
6.6
EPSS
0.1%
CVE-2017-16525 MEDIUM PATCH This Month

The usb_serial_console_disconnect function in drivers/usb/serial/console.c in the Linux kernel before 4.13.8 allows local users to cause a denial of service (use-after-free and system crash) or. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Denial Of Service Memory Corruption Linux Use After Free Linux Kernel +2
NVD GitHub
CVSS 3.1
6.6
EPSS
0.1%
CVE-2017-16531 MEDIUM PATCH This Month

drivers/usb/core/config.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Denial Of Service Linux Linux Kernel
NVD GitHub
CVSS 3.1
6.6
EPSS
0.1%
CVE-2017-16530 MEDIUM PATCH This Month

The uas driver in the Linux kernel before 4.13.6 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity.

Buffer Overflow Denial Of Service Linux Information Disclosure Linux Kernel
NVD GitHub
CVSS 3.1
6.6
EPSS
0.1%
CVE-2017-16537 MEDIUM PATCH This Month

The imon_probe function in drivers/media/rc/imon.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity.

Null Pointer Dereference Denial Of Service Linux Linux Kernel
NVD
CVSS 3.0
6.6
EPSS
0.1%
CVE-2017-16536 MEDIUM PATCH This Month

The cx231xx_usb_probe function in drivers/media/usb/cx231xx/cx231xx-cards.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity.

Null Pointer Dereference Denial Of Service Linux Linux Kernel
NVD
CVSS 3.0
6.6
EPSS
0.1%
CVE-2017-16532 MEDIUM PATCH This Month

The get_endpoints function in drivers/usb/misc/usbtest.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity.

Null Pointer Dereference Denial Of Service Linux Linux Kernel Debian Linux +1
NVD GitHub
CVSS 3.1
6.6
EPSS
0.1%
CVE-2017-16538 MEDIUM PATCH This Month

drivers/media/usb/dvb-usb-v2/lmedm04.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (general protection fault and system crash) or possibly have unspecified. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity.

Denial Of Service Linux Linux Kernel
NVD
CVSS 3.0
6.6
EPSS
0.1%
CVE-2017-16539 MEDIUM PATCH This Month

The DefaultLinuxSpec function in oci/defaults.go in Docker Moby through 17.03.2-ce does not block /proc/scsi pathnames, which allows attackers to trigger data loss (when certain older Linux kernels. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Docker Information Disclosure Moby
NVD GitHub
CVSS 3.1
5.9
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy