Awesome
LinuxFlaw
This repo records all the vulnerabilities of linux software I have reproduced in my local workspace.
If the vulnerability has both CVE-ID and EDB-ID, CVE-ID is preferred as its directory name. All the vulnerable source code packages are stored in source-packages
Vmware Workstation Images
| Image Name | username | password |
|---|---|---|
| Ubuntu 8.10 | exploit | exploit |
| Ubuntu 10.04LTS | exploit | exploit |
| CentOS 6.5 | core | core |
| CentOS 5.5 | core | core |
| Ubuntu 11.04 | dzm77 | dzm77 |
| Ubuntu 12.04 | ubuntu | ubuntu |
| Fedora | fedora | fedora |
| OpenSUSE | core | core |
| Ubuntu 14.04_core | core | core |
| Kali | root | kali |
| Ubuntu_14.04_alex | research-cve | toortoor |
| Ubuntu_14.04_pt | pt | pt |
For details of vulnerabilities(in which virtual machine, what is the reproduction workspace, etc.), please refer to virtualmachine.csv
If you encounter problems with keyword "Failed to lock files", you could try to delete any .lck or .lock files or folders in the directory of the problematic VM.
CVE-ID List
- CVE-2001-0144
- CVE-2001-0550
- CVE-2002-0656
- CVE-2002-1496
- CVE-2002-1896
- CVE-2003-0577 (Fail to reproduce)
- CVE-2004-0238
- CVE-2004-0270
- CVE-2004-0557
- CVE-2004-0597
- CVE-2004-0990
- CVE-2004-1120
- CVE-2004-1255
- CVE-2004-1256 (Fail to reproduce)
- CVE-2004-1257
- CVE-2004-1258 (Fail to reproduce)
- CVE-2004-1259 (Fail to reproduce)
- CVE-2004-1260 (Fail to reproduce)
- CVE-2004-1261
- CVE-2004-1262
- CVE-2004-1265
- CVE-2004-1266 (Fail to reproduce)
- CVE-2004-1271
- CVE-2004-1272 (Fail to reproduce)
- CVE-2004-1275
- CVE-2004-1278
- CVE-2004-1279
- CVE-2004-1283 (Fail to reproduce)
- CVE-2004-1287
- CVE-2004-1288
- CVE-2004-1289
- CVE-2004-1290
- CVE-2004-1292
- CVE-2004-1293
- CVE-2004-1297
- CVE-2004-1298
- CVE-2004-1299
- CVE-2004-1455 (Fail to reproduce)
- CVE-2004-2093
- CVE-2004-2167
- CVE-2005-0101
- CVE-2005-0199
- CVE-2005-1275
- CVE-2005-3120
- CVE-2005-3252
- CVE-2005-3862
- CVE-2005-4667
- CVE-2005-4807
- CVE-2006-0539
- CVE-2006-1148
- CVE-2006-1542
- CVE-2006-2025
- CVE-2006-2362
- CVE-2006-2465
- CVE-2006-2656
- CVE-2006-2971
- CVE-2006-3082
- CVE-2006-3124
- CVE-2006-3581
- CVE-2006-3582
- CVE-2006-3746
- CVE-2006-4018
- CVE-2006-4089
- CVE-2006-4144
- CVE-2006-4182
- CVE-2006-4812
- CVE-2006-5276
- CVE-2006-5295
- CVE-2006-5465
- CVE-2006-5815
- CVE-2006-6563
- CVE-2007-0368
- CVE-2007-1001
- CVE-2007-1286
- CVE-2007-1371
- CVE-2007-1383
- CVE-2007-1465
- CVE-2007-1777
- CVE-2007-1825
- CVE-2007-2052
- CVE-2007-2446
- CVE-2007-2683
- CVE-2007-2872
- CVE-2007-3473
- CVE-2007-3947
- CVE-2007-4060
- CVE-2007-4965
- CVE-2007-5301
- CVE-2007-5759
- CVE-2007-6015
- CVE-2007-6454
- CVE-2007-6697
- CVE-2007-6731
- CVE-2008-1721
- CVE-2008-1767
- CVE-2008-1801
- CVE-2008-1802
- CVE-2008-1887
- CVE-2008-2292 (Fail to reproduce)
- CVE-2008-2315
- CVE-2008-2316 (Fail to reproduce)
- CVE-2008-2950
- CVE-2008-3142
- CVE-2008-3143
- CVE-2008-3144 (Fail to reproduce)
- CVE-2008-4864
- CVE-2008-5031
- CVE-2008-5314
- CVE-2008-5904
- CVE-2009-1759
- CVE-2009-1886
- CVE-2009-2285
- CVE-2009-2286
- CVE-2009-3050
- CVE-2009-3586
- CVE-2009-4134
- CVE-2009-4880
- CVE-2009-4881
- CVE-2009-5018
- CVE-2010-1147
- CVE-2010-1159
- CVE-2010-1449
- CVE-2010-1450
- CVE-2010-1634
- CVE-2010-1866
- CVE-2010-2089
- CVE-2010-2481
- CVE-2010-2482
- CVE-2010-2810
- CVE-2010-2891
- CVE-2010-2959
- CVE-2010-4221
- CVE-2010-4259
- CVE-2010-4409
- CVE-2011-0420
- CVE-2011-0708
- CVE-2011-0761
- CVE-2011-1071
- CVE-2011-1092
- CVE-2011-1137
- CVE-2011-1938
- CVE-2011-5033
- CVE-2012-0809
- CVE-2012-2386
- CVE-2012-3480
- CVE-2012-4409
- CVE-2012-4412
- CVE-2012-4424
- CVE-2012-5612
- CVE-2012-5667
- CVE-2012-5867
- CVE-2013-0221
- CVE-2013-0222
- CVE-2013-0223
- CVE-2013-0722
- CVE-2013-2028
- CVE-2013-2131
- CVE-2013-3724
- CVE-2013-4123
- CVE-2013-4243
- CVE-2013-4473
- CVE-2013-4474
- CVE-2013-4788
- CVE-2013-7226
- CVE-2013-7446
- CVE-2014-0226
- CVE-2014-0749
- CVE-2014-1912
- CVE-2014-2851
- CVE-2014-4616
- CVE-2014-6277
- CVE-2014-7185
- CVE-2014-8322
- CVE-2014-8768
- CVE-2014-9295
- CVE-2015-0235
- CVE-2015-0252
- CVE-2015-1265
- CVE-2015-3205
- CVE-2015-3890
- CVE-2015-5895
- CVE-2015-7547
- CVE-2015-7805
- CVE-2015-8396
- CVE-2015-8617
- CVE-2015-8668
- CVE-2016-0728
- CVE-2016-10092
- CVE-2016-10093
- CVE-2016-10094
- CVE-2016-10095
- CVE-2016-10251
- CVE-2016-10268
- CVE-2016-10269
- CVE-2016-10270
- CVE-2016-10271
- CVE-2016-10272
- CVE-2016-2233
- CVE-2016-2563
- CVE-2016-4557
- CVE-2016-5636
- CVE-2016-6187
- CVE-2016-6516
- CVE-2016-6832 (Fail to reproduce)
- CVE-2016-7393 (Fail to reproduce)
- CVE-2016-7445
- CVE-2016-7477 (Fail to reproduce)
- CVE-2016-8655
- CVE-2016-8676
- CVE-2016-8678
- CVE-2016-8883
- CVE-2016-8887 (PoC not found)
- CVE-2016-9560
- CVE-2016-9819
- CVE-2016-9820
- CVE-2016-9821
- CVE-2017-10688
- CVE-2017-11403
- CVE-2017-12858
- CVE-2017-12936
- CVE-2017-12937
- CVE-2017-14103
- CVE-2017-14638
- CVE-2017-14639
- CVE-2017-14640
- CVE-2017-14641
- CVE-2017-14642
- CVE-2017-14643
- CVE-2017-14644
- CVE-2017-14645
- CVE-2017-14646
- CVE-2017-15020
- CVE-2017-15938
- CVE-2017-15939
- CVE-2017-5502
- CVE-2017-5852
- CVE-2017-5853
- CVE-2017-5854
- CVE-2017-5855
- CVE-2017-5886
- CVE-2017-5974
- CVE-2017-5975
- CVE-2017-5976
- CVE-2017-5977
- CVE-2017-5978
- CVE-2017-5980
- CVE-2017-6840
- CVE-2017-6842
- CVE-2017-6843
- CVE-2017-6847
- CVE-2017-6848
- CVE-2017-6850
- CVE-2017-6852
- CVE-2017-7184
- CVE-2017-7308
- CVE-2017-7378
- CVE-2017-7379
- CVE-2017-7380
- CVE-2017-7381
- CVE-2017-7382
- CVE-2017-7383
- CVE-2017-7533
- CVE-2017-7596
- CVE-2017-7597
- CVE-2017-7598
- CVE-2017-7599
- CVE-2017-7600
- CVE-2017-7601
- CVE-2017-7602
- CVE-2017-7606
- CVE-2017-8890
- CVE-2017-9038
- CVE-2017-9147
- CVE-2017-9154
- CVE-2017-9160
- CVE-2017-9162
- CVE-2017-9163
- CVE-2017-9164
- CVE-2017-9165
- CVE-2017-9166
- CVE-2017-9167
- CVE-2017-9168
- CVE-2017-9169
- CVE-2017-9170
- CVE-2017-9171
- CVE-2017-9172
- CVE-2017-9173
- CVE-2017-9174
- CVE-2017-9177
- CVE-2017-9180
- CVE-2017-9182
- CVE-2017-9183
- CVE-2017-9184
- CVE-2017-9186
- CVE-2017-9189
- CVE-2017-9190
- CVE-2017-9191
- CVE-2017-9192
- CVE-2017-9193
- CVE-2017-9194
- CVE-2017-9195
- CVE-2017-9196
- CVE-2017-9204
- CVE-2017-9205
- CVE-2017-9206
- CVE-2017-9207
- CVE-2018-9138
- CVE-2019-10269
EDB-ID List
- EDB-10334
- EDB-10617
- EDB-10634
- EDB-11644
- EDB-14083
- EDB-14452
- EDB-14904
- EDB-15054
- EDB-15062
- EDB-15705
- EDB-17611
- EDB-17806
- EDB-19987
- EDB-20479
- EDB-23523
- EDB-25411
- EDB-26915
- EDB-28679
- EDB-30142
- EDB-30648
- EDB-31761
- EDB-31915
- EDB-33251
- EDB-33949
- EDB-34164
- EDB-35450
- EDB-36024
- EDB-36229
- EDB-36388
- EDB-36881
- EDB-37546
- EDB-37743
- EDB-37777
- EDB-37975
- EDB-37987
- EDB-37988
- EDB-38597
- EDB-38616
- EDB-38617
- EDB-38681
- EDB-38685
- EDB-38857
- EDB-39285
- EDB-39406
- EDB-39502
- EDB-39673
- EDB-39692
- EDB-39733
- EDB-39734
- EDB-39747
- EDB-39764
- EDB-39800
- EDB-39810
- EDB-39842
- EDB-39875
- EDB-40023
- EDB-40025
- EDB-8205
- EDB-890
- EDB-9264
Other-ID list
-
Gentoo-Bug-70090
-
Sourceware-Bug-21877
-
Sourceware-Bug-21878
-
Sourceware-Bug-21880
-
Some vulnerabilities without CVE ID listed in Gentoo Security Blog
Classification
Stack Overflow
Heap Overflow
BSS/Data Overflow
Use-After-Free
Double Free
Invalid Free
Null Pointer
Uninitialized Memory
Stack exhaustion
Heap exhaustion
Memory Leak
Note
Enable/Disable Security mitigations
Please refer to Traditional Mitigation Repository to check security mitigations and how to enable/disable them.