Page 14 of 312 results (0.021 seconds)

CVSS: 7.5EPSS: 5%CPEs: 72EXPL: 0

CVE-2017-3145 – Improper fetch cleanup sequencing in the resolver can cause named to crash

https://notcve.org/view.php?id=CVE-2017-3145

BIND was improperly sequencing cleanup operations on upstream recursion fetch contexts, leading in some cases to a use-after-free error that can trigger an assertion failure and crash in named. Affects BIND 9.0.0 to 9.8.x, 9.9.0 to 9.9.11, 9.10.0 to 9.10.6, 9.11.0 to 9.11.2, 9.9.3-S1 to 9.9.11-S1, 9.10.5-S1 to 9.10.6-S1, 9.12.0a1 to 9.12.0rc1. BIND secuenciaba incorrectamente las operaciones de limpieza en contextos fetch de recursión ascendente, lo que conduce en algunos casos a un error de uso de memoria previamente liberada que puede desencadenar un fallo de aserción y un cierre inesperado en named. Afecta a BIND desde la versión 9.0.0 hasta la versión 9.8.x, desde la versión 9.9.0 hasta la versión 9.9.11, desde la versión 9.10.0 hasta la versión 9.10.6, desde la versión 9.11.0 hasta la versión 9.11.2, desde la versión 9.9.3-S1 hasta la versión 09.9.11-S1, desde la versión 9.10.5-S1 hasta la versión 9.10.6-S1 y desde la 9.12.0a1 hasta la 9.12.0rc1. A use-after-free flaw leading to denial of service was found in the way BIND internally handled cleanup operations on upstream recursion fetch contexts. • http://www.securityfocus.com/bid/102716 http://www.securitytracker.com/id/1040195 https://access.redhat.com/errata/RHSA-2018:0101 https://access.redhat.com/errata/RHSA-2018:0102 https://access.redhat.com/errata/RHSA-2018:0487 https://access.redhat.com/errata/RHSA-2018:0488 https://kb.isc.org/docs/aa-01542 https://lists.debian.org/debian-lts-announce/2018/01/msg00029.html https://security.netapp.com/advisory/ntap-20180117-0003 https://supportportal.juniper.net/s/article/ • CWE-416: Use After Free •

CVSS: 7.8EPSS: 0%CPEs: 15EXPL: 0

CVE-2018-5345 – gcab: Extracting malformed .cab files causes stack smashing potentially leading to arbitrary code execution

https://notcve.org/view.php?id=CVE-2018-5345

A stack-based buffer overflow within GNOME gcab through 0.7.4 can be exploited by malicious attackers to cause a crash or, potentially, execute arbitrary code via a crafted .cab file. Atacantes maliciosos pueden explotar un desbordamiento de búfer basado en pila en GNOME gcab hasta la versión 0.7.4 para provocar un cierre inesperado o, potencialmente, ejecutar código arbitrario mediante un archivo .cab manipulado. • https://access.redhat.com/errata/RHSA-2018:0350 https://bugzilla.redhat.com/show_bug.cgi?id=1527296 https://usn.ubuntu.com/3546-1 https://www.debian.org/security/2018/dsa-4095 https://access.redhat.com/security/cve/CVE-2018-5345 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •

CVSS: 10.0EPSS: 95%CPEs: 66EXPL: 0

CVE-2017-18017 – kernel: netfilter: use-after-free in tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c

https://notcve.org/view.php?id=CVE-2017-18017

The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action. La función tcpmss_mangle_packet en net/netfilter/xt_TCPMSS.c en el kernel de Linux, en versiones anteriores a la 4.11 y en versiones 4.9.x anteriores a la 4.9.36, permite que atacantes remotos provoquen una denegación de servicio (uso de memoria previamente liberada y corrupción de memoria) o, posiblemente, otro tipo de impacto sin especificar aprovechando la presencia de xt_TCPMSS en una acción iptables. The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2638fd0f92d4397884fd991d8f4925cb3f081901 http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00013.html http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00015.html http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00038.html http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00047.html http://lists.opensuse.org • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-416: Use After Free •

CVSS: 9.3EPSS: 89%CPEs: 17EXPL: 1

CVE-2017-17405 – Ruby < 2.2.8 / < 2.3.5 / < 2.4.2 / < 2.5.0-preview1 - 'NET::Ftp' Command Injection

https://notcve.org/view.php?id=CVE-2017-17405

Ruby before 2.4.3 allows Net::FTP command injection. Net::FTP#get, getbinaryfile, gettextfile, put, putbinaryfile, and puttextfile use Kernel#open to open a local file. If the localfile argument starts with the "|" pipe character, the command following the pipe character is executed. The default value of localfile is File.basename(remotefile), so malicious FTP servers could cause arbitrary command execution. Ruby en versiones anteriores a la 2.4.3 permite la inyección de comandos Net::FTP. • https://www.exploit-db.com/exploits/43381 http://www.securityfocus.com/bid/102204 http://www.securitytracker.com/id/1042004 https://access.redhat.com/errata/RHSA-2018:0378 https://access.redhat.com/errata/RHSA-2018:0583 https://access.redhat.com/errata/RHSA-2018:0584 https://access.redhat.com/errata/RHSA-2018:0585 https://access.redhat.com/errata/RHSA-2019:2806 https://lists.debian.org/debian-lts-announce/2017/12/msg00024.html https://lists.debian.org/debian-lts-announce • CWE-20: Improper Input Validation CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 7.5EPSS: 0%CPEs: 22EXPL: 0

CVE-2017-1000410 – kernel: Stack information leak in the EFS element

https://notcve.org/view.php?id=CVE-2017-1000410

The Linux kernel version 3.3-rc1 and later is affected by a vulnerability lies in the processing of incoming L2CAP commands - ConfigRequest, and ConfigResponse messages. This info leak is a result of uninitialized stack variables that may be returned to an attacker in their uninitialized state. By manipulating the code flows that precede the handling of these configuration messages, an attacker can also gain some control over which data will be held in the uninitialized stack variables. This can allow him to bypass KASLR, and stack canaries protection - as both pointers and stack canaries may be leaked in this manner. Combining this vulnerability (for example) with the previously disclosed RCE vulnerability in L2CAP configuration parsing (CVE-2017-1000251) may allow an attacker to exploit the RCE against kernels which were built with the above mitigations. • http://seclists.org/oss-sec/2017/q4/357 http://www.securityfocus.com/bid/102101 https://access.redhat.com/errata/RHSA-2018:0654 https://access.redhat.com/errata/RHSA-2018:0676 https://access.redhat.com/errata/RHSA-2018:1062 https://access.redhat.com/errata/RHSA-2018:1130 https://access.redhat.com/errata/RHSA-2018:1170 https://access.redhat.com/errata/RHSA-2018:1319 https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •