CVSS: 7.5EPSS: 3%CPEs: 7EXPL: 1CVE-2017-16612 – Debian Security Advisory 4059-1
https://notcve.org/view.php?id=CVE-2017-16612
29 Nov 2017 — libXcursor before 1.1.15 has various integer overflows that could lead to heap buffer overflows when processing malicious cursors, e.g., with programs like GIMP. It is also possible that an attack vector exists against the related code in cursor/xcursor.c in Wayland through 1.14.0. libXcursor en versiones anteriores a la 1.1.15 tiene varios desbordamientos de enteros que podrían provocar desbordamientos de búfer basados en memoria dinámica (heap) cuando se procesan cursores maliciosos, por ejemplo, con prog... • http://security.cucumberlinux.com/security/details.php?id=156 • CWE-190: Integer Overflow or Wraparound •
CVSS: 9.3EPSS: 1%CPEs: 6EXPL: 0CVE-2017-14176 – Debian Security Advisory 4052-1
https://notcve.org/view.php?id=CVE-2017-14176
27 Nov 2017 — Bazaar through 2.7.0, when Subprocess SSH is used, allows remote attackers to execute arbitrary commands via a bzr+ssh URL with an initial dash character in the hostname, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-12976, CVE-2017-16228, CVE-2017-1000116, and CVE-2017-1000117. Bazaar hasta la versión 2.7.0, cuando se utiliza un subproceso SSH, perote que atacantes remotos ejecuten comandos arbitrarios mediante una URL bzr+ssh con un carácter guión inicial en el nombre del host. Esta vulnerabi... • http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-14176.html •
CVSS: 7.5EPSS: 43%CPEs: 15EXPL: 0CVE-2017-15275 – samba: Server heap-memory disclosure
https://notcve.org/view.php?id=CVE-2017-15275
21 Nov 2017 — Samba before 4.7.3 might allow remote attackers to obtain sensitive information by leveraging failure of the server to clear allocated heap memory. Las versiones anteriores a la 4.7.3 de Samba podrían permitir que atacantes remotos obtengan información sensible aprovechando el error del servidor para borrar la memoria dinámica (heap) asignada. A memory disclosure flaw was found in samba. An attacker could retrieve parts of server memory, which could contain potentially sensitive data, by sending specially-c... • http://www.securityfocus.com/bid/101908 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 36%CPEs: 16EXPL: 0CVE-2017-14746 – samba: Use-after-free in processing SMB1 requests
https://notcve.org/view.php?id=CVE-2017-14746
21 Nov 2017 — Use-after-free vulnerability in Samba 4.x before 4.7.3 allows remote attackers to execute arbitrary code via a crafted SMB1 request. Vulnerabilidad de uso de memoria previamente liberada en las versiones 4.x de Samba anteriores a la 4.7.3 permiten que atacantes remotos ejecuten código arbitrario mediante una petición SMB1. A use-after-free flaw was found in the way samba servers handled certain SMB1 requests. An unauthenticated attacker could send specially-crafted SMB1 requests to cause the server to crash... • http://www.securityfocus.com/bid/101907 • CWE-416: Use After Free •
CVSS: 8.8EPSS: 1%CPEs: 189EXPL: 16CVE-2017-16544 – Nexans FTTO GigaSwitch Outdated Components / Hardcoded Backdoor
https://notcve.org/view.php?id=CVE-2017-16544
20 Nov 2017 — In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2, the tab autocomplete feature of the shell, used to get a list of filenames in a directory, does not sanitize filenames and results in executing any escape sequence in the terminal. This could potentially result in code execution, arbitrary file writes, or other attacks. En la función add_match en libbb/lineedit.c en BusyBox hasta la versión 1.27.2, la característica de autocompletar pestañas del shell, empleada para obtener una lista d... • https://packetstorm.news/files/id/167552 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 2%CPEs: 7EXPL: 0CVE-2017-16845 – Ubuntu Security Notice USN-3575-2
https://notcve.org/view.php?id=CVE-2017-16845
17 Nov 2017 — hw/input/ps2.c in Qemu does not validate 'rptr' and 'count' values during guest migration, leading to out-of-bounds access. hw/input/ps2.c en Qemu no valida los valores "rptr" y "count" durante la migración de invitado, lo que da lugar a un acceso fuera de límites. USN-3575-1 fixed vulnerabilities in QEMU. The fix for CVE-2017-11334 caused a regression in Xen environments. This update removes the problematic fix pending further investigation. It was discovered that QEMU incorrectly handled guest ram. • http://www.securityfocus.com/bid/101923 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2017-14177 – Ubuntu Security Notice USN-3480-2
https://notcve.org/view.php?id=CVE-2017-14177
16 Nov 2017 — Apport through 2.20.7 does not properly handle core dumps from setuid binaries allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion or possibly gain root privileges. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1324. Apport, hasta la versión 2.20.7, no gestiona adecuadamente lo volcados de núcleo de binarios setuid, lo que permite que los usuarios locales creen ciertos archivos como root. Un ... • https://bazaar.launchpad.net/~apport-hackers/apport/trunk/revision/3171 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2017-14180 – Ubuntu Security Notice USN-3480-2
https://notcve.org/view.php?id=CVE-2017-14180
16 Nov 2017 — Apport 2.13 through 2.20.7 does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion or possibly gain root privileges, a different vulnerability than CVE-2017-14179. Apport 2.13 hasta la versión 2.20.7 no gestiona adecuadamente los cierres inesperados provenientes de un espacio de nombre PID, lo que permite que los usuarios locales creen ciertos archivos como r... • https://bazaar.launchpad.net/~apport-hackers/apport/trunk/revision/3171 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 0%CPEs: 13EXPL: 0CVE-2017-15115 – Ubuntu Security Notice USN-3581-1
https://notcve.org/view.php?id=CVE-2017-15115
15 Nov 2017 — The sctp_do_peeloff function in net/sctp/socket.c in the Linux kernel before 4.14 does not check whether the intended netns is used in a peel-off action, which allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via crafted system calls. La función sctp_do_peeloff en net/sctp/socket.c en el kernel de Linux en versiones anteriores a la 4.14 no comprueba si el netns planeado se emplea en una acción peel-off, lo que permite que usuarios lo... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=df80cd9b28b9ebaa284a41df611dbf3a2d05ca74 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 339EXPL: 0CVE-2016-1255 – Ubuntu Security Notice USN-3476-2
https://notcve.org/view.php?id=CVE-2016-1255
09 Nov 2017 — The pg_ctlcluster script in postgresql-common package in Debian wheezy before 134wheezy5, in Debian jessie before 165+deb8u2, in Debian unstable before 178, in Ubuntu 12.04 LTS before 129ubuntu1.2, in Ubuntu 14.04 LTS before 154ubuntu1.1, in Ubuntu 16.04 LTS before 173ubuntu0.1, in Ubuntu 17.04 before 179ubuntu0.1, and in Ubuntu 17.10 before 184ubuntu1.1 allows local users to gain root privileges via a symlink attack on a logfile in /var/log/postgresql. El script pg_ctlcluster en el paquete postgresql-commo... • http://www.ubuntu.com/usn/USN-3476-1 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •