CVSS: 9.8EPSS: 87%CPEs: 174EXPL: 1CVE-2017-5645 – log4j: Socket receiver deserialization vulnerability
https://notcve.org/view.php?id=CVE-2017-5645
In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code. En Apache Log4j 2.x en versiones anteriores a 2.8.2, cuando se utiliza el servidor de socket TCP o el servidor de socket UDP para recibir sucesos de registro serializados de otra aplicación, puede enviarse una carga binaria especialmente diseñada que, cuando se deserializa, puede ejecutar código arbitrario. It was found that when using remote logging with log4j socket server the log4j server would deserialize any log event received via TCP or UDP. An attacker could use this flaw to send a specially crafted log event that, during deserialization, would execute arbitrary code in the context of the logger application. • https://github.com/pimps/CVE-2017-5645 http://www.openwall.com/lists/oss-security/2019/12/19/2 http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html http://www.securityfocus.com/bid/97702 http://www.securitytracker.com/id/1040200 http://www.securit • CWE-502: Deserialization of Untrusted Data •
CVSS: 5.9EPSS: 10%CPEs: 47EXPL: 0CVE-2017-3136 – An error handling synthesized records could cause an assertion failure when using DNS64 with "break-dnssec yes;"
https://notcve.org/view.php?id=CVE-2017-3136
A query with a specific set of characteristics could cause a server using DNS64 to encounter an assertion failure and terminate. An attacker could deliberately construct a query, enabling denial-of-service against a server if it was configured to use the DNS64 feature and other preconditions were met. Affects BIND 9.8.0 -> 9.8.8-P1, 9.9.0 -> 9.9.9-P6, 9.9.10b1->9.9.10rc1, 9.10.0 -> 9.10.4-P6, 9.10.5b1->9.10.5rc1, 9.11.0 -> 9.11.0-P3, 9.11.1b1->9.11.1rc1, 9.9.3-S1 -> 9.9.9-S8. Una consulta con un conjunto determinado de características podría provocar que un servidor que emplea DNS64 se encuentre con un fallo de aserción y termine. Un atacante podría construir deliberadamente una consulta, habilitando una denegación de servicio (DoS) contra un servidor si está configurado para emplear la característica DNS64 y se cumplen otras precondiciones. • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.html http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00044.html http://www.securityfocus.com/bid/97653 http://www.securitytracker.com/id/1038259 https://access.redhat.com/errata/RHSA-2017:1095 https://access.redhat.com/errata/RHSA-2017:1105 https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03747en_us https://kb.isc.org/docs/aa-01465 https://security.gentoo. • CWE-617: Reachable Assertion •
CVSS: 7.5EPSS: 22%CPEs: 39EXPL: 0CVE-2017-3137 – A response packet can cause a resolver to terminate when processing an answer containing a CNAME or DNAME
https://notcve.org/view.php?id=CVE-2017-3137
Mistaken assumptions about the ordering of records in the answer section of a response containing CNAME or DNAME resource records could lead to a situation in which named would exit with an assertion failure when processing a response in which records occurred in an unusual order. Affects BIND 9.9.9-P6, 9.9.10b1->9.9.10rc1, 9.10.4-P6, 9.10.5b1->9.10.5rc1, 9.11.0-P3, 9.11.1b1->9.11.1rc1, and 9.9.9-S8. Las asunciones equivocadas sobre el orden de los registros en la sección de respuesta de una respuesta que contiene registros de recursos CNAME o DNAME podría conducir a una situación en la que named se cerraría con un fallo de aserción al procesar una respuesta en la que los registros ocurrieron en un orden inusual. Afecta a BIND en versiones 9.9.9-P6, desde la versión 9.9.10b1 hasta la 9.9.10rc1, la versión 9.10.4-P6, desde la versión 9.10.5b1 hasta la 9.10.5rc1, la versión 9.11.0-P3, desde la versión 9.11.1b1 hasta la 9.11.1rc1 y en la versión 9.9.9-S8. A denial of service flaw was found in the way BIND handled a query response containing CNAME or DNAME resource records in an unusual order. • http://www.securityfocus.com/bid/97651 http://www.securitytracker.com/id/1038258 http://www.securitytracker.com/id/1040195 https://access.redhat.com/errata/RHSA-2017:1095 https://access.redhat.com/errata/RHSA-2017:1105 https://access.redhat.com/errata/RHSA-2017:1582 https://access.redhat.com/errata/RHSA-2017:1583 https://kb.isc.org/docs/aa-01466 https://security.gentoo.org/glsa/201708-01 https://security.netapp.com/advisory/ntap-20180802-0002 https://www.debian.org& • CWE-617: Reachable Assertion •
CVSS: 7.8EPSS: 0%CPEs: 12EXPL: 4CVE-2018-1000001 – glibc - 'realpath()' Privilege Escalation
https://notcve.org/view.php?id=CVE-2018-1000001
In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code execution. En glibc 2.26 y anteriores existe una confusión en el uso de getcwd() por realpath(), que puede emplearse para escribir antes del búfer de destino. Esto conduce a un subdesbordamiento de búfer y a una potencial ejecución de código. glibc suffers from a getcwd() local privilege escalation vulnerability. • https://www.exploit-db.com/exploits/44889 https://www.exploit-db.com/exploits/43775 https://github.com/0x00-0x00/CVE-2018-1000001 https://github.com/usernameid0/tools-for-CVE-2018-1000001 http://seclists.org/oss-sec/2018/q1/38 http://www.securityfocus.com/bid/102525 http://www.securitytracker.com/id/1040162 https://access.redhat.com/errata/RHSA-2018:0805 https://security.netapp.com/advisory/ntap-20190404-0003 https://usn.ubuntu.com/3534-1 https://usn.ubuntu.com • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 6.1EPSS: 0%CPEs: 30EXPL: 0CVE-2017-15129 – kernel: net: double-free and memory corruption in get_net_ns_by_id()
https://notcve.org/view.php?id=CVE-2017-15129
A use-after-free vulnerability was found in network namespaces code affecting the Linux kernel before 4.14.11. The function get_net_ns_by_id() in net/core/net_namespace.c does not check for the net::count value after it has found a peer network in netns_ids idr, which could lead to double free and memory corruption. This vulnerability could allow an unprivileged local user to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although it is thought to be unlikely. Se ha descubierto una vulnerabilidad en los nombres de espacio de red que afecta al kernel de Linux en versiones anteriores a la 4.14.11. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=21b5944350052d2583e82dd59b19a9ba94a007f0 http://seclists.org/oss-sec/2018/q1/7 http://www.securityfocus.com/bid/102485 https://access.redhat.com/errata/RHSA-2018:0654 https://access.redhat.com/errata/RHSA-2018:0676 https://access.redhat.com/errata/RHSA-2018:1062 https://access.redhat.com/errata/RHSA-2019:1946 https://access.redhat.com/security/cve/CVE-2017-15129 https://bugzilla.redhat.com/show_bug.cgi& • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •