CVSS: 9.8EPSS: 6%CPEs: 11EXPL: 0CVE-2017-15041 – golang: arbitrary code execution during "go get" or "go get -d"
https://notcve.org/view.php?id=CVE-2017-15041
05 Oct 2017 — Go before 1.8.4 and 1.9.x before 1.9.1 allows "go get" remote command execution. Using custom domains, it is possible to arrange things so that example.com/pkg1 points to a Subversion repository but example.com/pkg1/pkg2 points to a Git repository. If the Subversion repository includes a Git checkout in its pkg2 directory and some other work is done to ensure the proper ordering of operations, "go get" can be tricked into reusing this Git checkout for the fetch of code from pkg2. If the Subversion repositor... • http://www.securityfocus.com/bid/101196 •
CVSS: 8.0EPSS: 2%CPEs: 43EXPL: 7CVE-2017-1000251 – Linux Kernel < 4.13.1 - BlueTooth Buffer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2017-1000251
12 Sep 2017 — The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the Linux kernel version 2.6.32 and up to and including 4.13.1, are vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space. La pila Bluetooth nativa en el Kernel Linux (BlueZ), comenzando por la versión 2.6.32 del kernel de Linux y hasta, e incluyendo, la versión 4.13.1, es vulnerable a un desbordamiento de pila durante el procesado de las respuestas... • https://packetstorm.news/files/id/144307 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 2%CPEs: 7EXPL: 0CVE-2017-12902 – Gentoo Linux Security Advisory 201709-23
https://notcve.org/view.php?id=CVE-2017-12902
09 Sep 2017 — The Zephyr parser in tcpdump before 4.9.2 has a buffer over-read in print-zephyr.c, several functions. El analizador sintáctico Zephyr en tcpdump en versiones anteriores a la 4.9.2 tiene una vulnerabilidad de sobrelectura de búfer en print-zephyr.c en varias funciones. Several vulnerabilities have been discovered in tcpdump, a command-line network traffic analyzer. These vulnerabilities might result in denial of service or, potentially, execution of arbitrary code. For the oldstable distribution (jessie), t... • http://www.debian.org/security/2017/dsa-3971 • CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 2%CPEs: 7EXPL: 0CVE-2017-12987 – Gentoo Linux Security Advisory 201709-23
https://notcve.org/view.php?id=CVE-2017-12987
09 Sep 2017 — The IEEE 802.11 parser in tcpdump before 4.9.2 has a buffer over-read in print-802_11.c:parse_elements(). El analizador sintáctico IEEE 802.11 en tcpdump en versiones anteriores a la 4.9.2 tiene una vulnerabilidad de sobrelectura de búfer en print-802_11.c:parse_elements(). Several vulnerabilities have been discovered in tcpdump, a command-line network traffic analyzer. These vulnerabilities might result in denial of service or, potentially, execution of arbitrary code. For the oldstable distribution (jessi... • http://www.debian.org/security/2017/dsa-3971 • CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 2%CPEs: 7EXPL: 0CVE-2017-12896 – Gentoo Linux Security Advisory 201709-23
https://notcve.org/view.php?id=CVE-2017-12896
09 Sep 2017 — The ISAKMP parser in tcpdump before 4.9.2 has a buffer over-read in print-isakmp.c:isakmp_rfc3948_print(). El analizador sintáctico ISAKMP en tcpdump en versiones anteriores a la 4.9.2 tiene una vulnerabilidad de sobrelectura de búfer en print-isakmp.c:isakmp_rfc3948_print(). Several vulnerabilities have been discovered in tcpdump, a command-line network traffic analyzer. These vulnerabilities might result in denial of service or, potentially, execution of arbitrary code. For the oldstable distribution (jes... • http://www.debian.org/security/2017/dsa-3971 • CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 2%CPEs: 7EXPL: 0CVE-2017-12899 – Gentoo Linux Security Advisory 201709-23
https://notcve.org/view.php?id=CVE-2017-12899
09 Sep 2017 — The DECnet parser in tcpdump before 4.9.2 has a buffer over-read in print-decnet.c:decnet_print(). El analizador sintáctico DECnet en tcpdump en versiones anteriores a la 4.9.2 tiene una vulnerabilidad de sobrelectura de búfer en print-decnet.c:decnet_print(). Several vulnerabilities have been discovered in tcpdump, a command-line network traffic analyzer. These vulnerabilities might result in denial of service or, potentially, execution of arbitrary code. For the oldstable distribution (jessie), these prob... • http://www.debian.org/security/2017/dsa-3971 • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 5%CPEs: 25EXPL: 0CVE-2017-10664 – Qemu: qemu-nbd: server breaks with SIGPIPE upon client abort
https://notcve.org/view.php?id=CVE-2017-10664
26 Jul 2017 — qemu-nbd in QEMU (aka Quick Emulator) does not ignore SIGPIPE, which allows remote attackers to cause a denial of service (daemon crash) by disconnecting during a server-to-client reply attempt. qemu-nbd en QEMU (Quick Emulator) no ignora la señal SIGPIPE, lo que permite a atacantes remotos provocar una denegación de servicio desconectando el proceso durante un intento de respuesta de servidor a cliente. Quick Emulator (QEMU) built with the Network Block Device (NBD) Server support is vulnerable to a crash ... • http://www.debian.org/security/2017/dsa-3920 • CWE-248: Uncaught Exception •
CVSS: 5.3EPSS: 0%CPEs: 54EXPL: 0CVE-2017-10053 – OpenJDK: reading of unprocessed image data in JPEGImageReader (2D, 8169209)
https://notcve.org/view.php?id=CVE-2017-10053
20 Jul 2017 — Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Ja... • http://www.debian.org/security/2017/dsa-3919 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.5EPSS: 0%CPEs: 51EXPL: 0CVE-2017-10067 – OpenJDK: JAR verifier incorrect handling of missing digest (Security, 8169392)
https://notcve.org/view.php?id=CVE-2017-10067
20 Jul 2017 — Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Java SE. • http://www.debian.org/security/2017/dsa-3919 •
CVSS: 8.3EPSS: 1%CPEs: 50EXPL: 0CVE-2017-10074 – OpenJDK: integer overflows in range check loop predicates (Hotspot, 8173770)
https://notcve.org/view.php?id=CVE-2017-10074
20 Jul 2017 — Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may signif... • http://www.debian.org/security/2017/dsa-3919 • CWE-190: Integer Overflow or Wraparound •