CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2017-15087 – samba: Server memory information leak over SMB1 (incomplete fix for CVE-2017-12163)
https://notcve.org/view.php?id=CVE-2017-15087
02 Nov 2017 — It was discovered that the fix for CVE-2017-12163 was not properly shipped in erratum RHSA-2017:2858 for Red Hat Gluster Storage 3.3 for RHEL 6. Se descubrió que la solución para CVE-2017-12163 no se subió correctamente en la errata RHSA-2017:2858 para Red Hat Gluster Storage 3.3 para RHEL 6. Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. Se... • http://www.securityfocus.com/bid/101556 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 3%CPEs: 16EXPL: 0CVE-2017-7481 – ansible: Security issue with lookup return not tainting the jinja2 environment
https://notcve.org/view.php?id=CVE-2017-7481
18 May 2017 — Ansible before versions 2.3.1.0 and 2.4.0.0 fails to properly mark lookup-plugin results as unsafe. If an attacker could control the results of lookup() calls, they could inject Unicode strings to be parsed by the jinja2 templating system, resulting in code execution. By default, the jinja2 templating language is now marked as 'unsafe' and is not evaluated. Ansible en versiones anteriores a la 2.3.1.0 y 2.4.0.0 no marca correctamente los resultados del plugin lookup como no seguros. Si un atacante pudiese c... • http://www.securityfocus.com/bid/98492 • CWE-20: Improper Input Validation •