
CVSS: 7.5 EPSS: 0% CPEs: 7 EXPL: 1

libXcursor before 1.1.15 has various integer overflows that could lead to heap buffer overflows when processing malicious cursors, e.g., with programs like GIMP. It is also possible that an attack vector exists against the related code in cursor/xcursor.c in Wayland through 1.14.0.

• http://security.cucumberlinux.com/security/details.php?id=156
• http://www.openwall.com/lists/oss-security/2017/11/28/6
• http://www.ubuntu.com/usn/USN-3501-1
• https://bugzilla.suse.com/show_bug.cgi?id=1065386
• https://cgit.freedesktop.org/wayland/wayland/commit/?id=5d201df72f3d4f4cb8b8f75f980169b03507da38
• https://cgit.freedesktop.org/xorg/lib/libXcursor/commit/?id=4794b5dd34688158fb51a2943032569d3780c4b8
• https://lists.debian.org/debian-lts-announce/2017/12/msg00002.html
• https://lists.freedesktop.org/arc

• CWE-190: Integer Overflow or Wraparound

CVSS: 5.5 EPSS: 0% CPEs: 8 EXPL: 0

In libXfont before 1.5.4 and libXfont2 before 2.0.3, a local attacker can open (but not read) files on the system as root, triggering tape rewinds, watchdogs, or similar mechanisms that can be triggered by opening files.

• http://security.cucumberlinux.com/security/details.php?id=155
• http://www.openwall.com/lists/oss-security/2017/11/28/7
• http://www.ubuntu.com/usn/USN-3500-1
• https://bugzilla.suse.com/show_bug.cgi?id=1050459
• https://lists.debian.org/debian-lts-announce/2022/01/msg00028.html
• https://marc.info/?l=freedesktop-xorg-announce&m=151188044218304&w=2
• https://marc.info/?l=freedesktop-xorg-announce&m=151188049718337&w=2
• https://security.gentoo.org/glsa/201801-10

• CWE-59: Improper Link Resolution Before File Access ('Link Following')

CVSS: 9.8 EPSS: 2% CPEs: 5 EXPL: 2

A stack-based buffer overflow vulnerability was found in the NBD server implementation in qemu before 2.11, allowing a client to request an export name of size up to 4096 bytes, which in fact should be limited to 256 bytes, causing an out-of-bounds stack write in the qemu process. If the NBD server requires TLS, the attacker cannot trigger the buffer overflow without first successfully negotiating TLS.

A stack-based buffer overflow vulnerability was found in the NBD server implementation in qemu, allowing a client to request an export name of size up to 4096 bytes, which in fact should be limited to 256 bytes, causing an out-of-bounds stack write in the qemu process.

• https://www.exploit-db.com/exploits/43194
• http://www.openwall.com/lists/oss-security/2017/11/28/8
• http://www.securityfocus.com/bid/101975
• https://access.redhat.com/errata/RHSA-2018:1104
• https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15118
• https://lists.gnu.org/archive/html/qemu-devel/2017-11/msg05045.html
• https://usn.ubuntu.com/3575-1
• https://access.redhat.com/security/cve/CVE-2017-15118
• https://bugzilla.redhat.com/show_bug.cgi?id=1516922

• CWE-121: Stack-based Buffer Overflow
• CWE-787: Out-of-bounds Write

CVSS: 9.3 EPSS: 0% CPEs: 6 EXPL: 0

Bazaar through 2.7.0, when Subprocess SSH is used, allows remote attackers to execute arbitrary commands via a bzr+ssh URL with an initial dash character in the hostname, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-12976, CVE-2017-16228, CVE-2017-1000116, and CVE-2017-1000117.

• http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-14176.html
• http://www.ubuntu.com/usn/usn-3411-1
• https://bugs.debian.org/874429
• https://bugs.launchpad.net/bzr/+bug/1710979
• https://bugzilla.redhat.com/show_bug.cgi?id=1486685
• https://bugzilla.suse.com/show_bug.cgi?id=1058214
• https://www.debian.org/security/2017/dsa-4052

CVSS: 7.5 EPSS: 91% CPEs: 15 EXPL: 0

Samba before 4.7.3 might allow remote attackers to obtain sensitive information by leveraging failure of the server to clear allocated heap memory.

A memory disclosure flaw was found in samba. An attacker could retrieve parts of server memory, which could contain potentially sensitive data, by sending specially-crafted requests to the samba server.

• http://www.securityfocus.com/bid/101908
• http://www.securitytracker.com/id/1039855
• http://www.ubuntu.com/usn/USN-3486-1
• http://www.ubuntu.com/usn/USN-3486-2
• https://access.redhat.com/errata/RHSA-2017:3260
• https://access.redhat.com/errata/RHSA-2017:3261
• https://access.redhat.com/errata/RHSA-2017:3278
• https://lists.debian.org/debian-lts-announce/2017/11/msg00029.html
• https://security.gentoo.org/glsa/201805-07
• https://support.hpe.com/hpsc/doc/public/display?docLoc

• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer