Page 26 of 490 results (0.018 seconds)

CVSS: 7.2EPSS: 0%CPEs: 6EXPL: 0

CVE-2017-15097 – postgresql: Start scripts permit database administrator to modify root-owned files

https://notcve.org/view.php?id=CVE-2017-15097

Privilege escalation flaws were found in the Red Hat initialization scripts of PostgreSQL. An attacker with access to the postgres user account could use these flaws to obtain root access on the server machine. Se encontraron vulnerabilidades de escalado de privilegios en los scripts de inicialización de Red Hat de PostgreSQL. Un atacante con acceso a la cuenta de usuario de postgres podría usar estas vulnerabilidades para obtener acceso root en la máquina del servidor. • http://www.securitytracker.com/id/1039983 https://access.redhat.com/errata/RHSA-2017:3402 https://access.redhat.com/errata/RHSA-2017:3403 https://access.redhat.com/errata/RHSA-2017:3404 https://access.redhat.com/errata/RHSA-2017:3405 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15097 https://access.redhat.com/security/cve/CVE-2017-15097 https://bugzilla.redhat.com/show_bug.cgi?id=1508985 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVSS: 7.5EPSS: 0%CPEs: 22EXPL: 0

CVE-2017-1000410 – kernel: Stack information leak in the EFS element

https://notcve.org/view.php?id=CVE-2017-1000410

The Linux kernel version 3.3-rc1 and later is affected by a vulnerability lies in the processing of incoming L2CAP commands - ConfigRequest, and ConfigResponse messages. This info leak is a result of uninitialized stack variables that may be returned to an attacker in their uninitialized state. By manipulating the code flows that precede the handling of these configuration messages, an attacker can also gain some control over which data will be held in the uninitialized stack variables. This can allow him to bypass KASLR, and stack canaries protection - as both pointers and stack canaries may be leaked in this manner. Combining this vulnerability (for example) with the previously disclosed RCE vulnerability in L2CAP configuration parsing (CVE-2017-1000251) may allow an attacker to exploit the RCE against kernels which were built with the above mitigations. • http://seclists.org/oss-sec/2017/q4/357 http://www.securityfocus.com/bid/102101 https://access.redhat.com/errata/RHSA-2018:0654 https://access.redhat.com/errata/RHSA-2018:0676 https://access.redhat.com/errata/RHSA-2018:1062 https://access.redhat.com/errata/RHSA-2018:1130 https://access.redhat.com/errata/RHSA-2018:1170 https://access.redhat.com/errata/RHSA-2018:1319 https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 9.8EPSS: 0%CPEs: 7EXPL: 0

CVE-2017-15101 – liblouis: incomplete fix for CVE-2014-8184

https://notcve.org/view.php?id=CVE-2017-15101

A missing patch for a stack-based buffer overflow in findTable() was found in Red Hat version of liblouis before 2.5.4. An attacker could cause a denial of service condition or potentially even arbitrary code execution. Se ha detectado que faltaba un parche para un desbordamiento de búfer basado en pila en findTable() en la versión Red Hat de liblouis en versiones anteriores a la la 2.5.4. Un atacante podría provocar una denegación de servicio (DoS) o incluso ejecutar código arbitrario. A missing fix for one stack-based buffer overflow in findTable() for CVE-2014-8184 was discovered. • https://access.redhat.com/errata/RHSA-2017:3384 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15101 https://access.redhat.com/security/cve/CVE-2017-15101 https://bugzilla.redhat.com/show_bug.cgi?id=1511023 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •

CVSS: 7.5EPSS: 0%CPEs: 14EXPL: 1

CVE-2017-7843 – Mozilla: Web worker in Private Browsing mode can write IndexedDB data

https://notcve.org/view.php?id=CVE-2017-7843

When Private Browsing mode is used, it is possible for a web worker to write persistent data to IndexedDB and fingerprint a user uniquely. IndexedDB should not be available in Private Browsing mode and this stored data will persist across multiple private browsing mode sessions because it is not cleared when exiting. This vulnerability affects Firefox ESR < 52.5.2 and Firefox < 57.0.1. Cuando se utiliza el modo Navegación Privada, es posible que un trabajador web escriba datos persistentes en IndexedDB y realice fingerprinting en un usuario de forma única. IndexedDB no debería estar disponible en modo Navegación Privada y estos datos almacenados persistirán en varias sesiones en modo Navegación Privada porque no se borran al cerrar. • http://www.securityfocus.com/bid/102039 http://www.securityfocus.com/bid/102112 http://www.securitytracker.com/id/1039954 https://access.redhat.com/errata/RHSA-2017:3382 https://bugzilla.mozilla.org/show_bug.cgi?id=1410106 https://lists.debian.org/debian-lts-announce/2017/12/msg00003.html https://www.debian.org/security/2017/dsa-4062 https://www.mozilla.org/security/advisories/mfsa2017-27 https://www.mozilla.org/security/advisories/mfsa2017-28 https://access.redhat.com/securit • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer •

CVSS: 8.8EPSS: 0%CPEs: 10EXPL: 0

CVE-2017-12173 – sssd: unsanitized input when searching in local cache database

https://notcve.org/view.php?id=CVE-2017-12173

It was found that sssd's sysdb_search_user_by_upn_res() function before 1.16.0 did not sanitize requests when querying its local cache and was vulnerable to injection. In a centralized login environment, if a password hash was locally cached for a given user, an authenticated attacker could use this flaw to retrieve it. Se ha encontrado que la función sysdb_search_user_by_upn_res() de sssd en versiones anteriores a la 1.16.0 no saneaba las peticiones al consultar su caché local y era vulnerable a inyecciones. En un entorno de inicio de sesión centralizado, si un hash de contraseña se almacenaba en la caché local de un usuario determinado, un atacante autenticado podía utilizar este error para recuperarlo. It was found that sssd's sysdb_search_user_by_upn_res() function did not sanitize requests when querying its local cache and was vulnerable to injection. • https://access.redhat.com/errata/RHSA-2017:3379 https://access.redhat.com/errata/RHSA-2018:1877 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12173 https://access.redhat.com/security/cve/CVE-2017-12173 https://bugzilla.redhat.com/show_bug.cgi?id=1498173 • CWE-20: Improper Input Validation CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •