Page 26 of 312 results (0.016 seconds)

CVSS: 5.3EPSS: 1%CPEs: 28EXPL: 0

CVE-2017-3142 – An error in TSIG authentication can permit unauthorized zone transfers

https://notcve.org/view.php?id=CVE-2017-3142

An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name may be able to circumvent TSIG authentication of AXFR requests via a carefully constructed request packet. A server that relies solely on TSIG keys for protection with no other ACL protection could be manipulated into: providing an AXFR of a zone to an unauthorized recipient or accepting bogus NOTIFY packets. Affects BIND 9.4.0->9.8.8, 9.9.0->9.9.10-P1, 9.10.0->9.10.5-P1, 9.11.0->9.11.1-P1, 9.9.3-S1->9.9.10-S2, 9.10.5-S1->9.10.5-S2. Un atacante que pueda enviar y recibir mensajes a un servidor DNS autoritativo y que conozca un nombre de clave TSIG válido podría ser capaz de omitir la autenticación TSIG de las peticiones AXFE mediante un paquete de petición cuidadosamente construido. Un servidor que solo depende de las claves TSIG para protegerse sin ningún otro mecanismo de protección de listas de control de acceso podría manipularse para: proporcionar el AXFR de una zona a un destinatario no autorizado o aceptar paquetes NOTIFY falsos. • http://www.securityfocus.com/bid/99339 http://www.securitytracker.com/id/1038809 https://access.redhat.com/errata/RHSA-2017:1679 https://access.redhat.com/errata/RHSA-2017:1680 https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03772en_us https://kb.isc.org/docs/aa-01504 https://security.netapp.com/advisory/ntap-20190830-0003 https://www.debian.org/security/2017/dsa-3904 https://access.redhat.com/security/cve/CVE-2017-3142 https:/ • CWE-20: Improper Input Validation CWE-287: Improper Authentication •

CVSS: 7.8EPSS: 0%CPEs: 16EXPL: 0

CVE-2017-9776 – poppler: Integer overflow in JBIG2Stream.cc

https://notcve.org/view.php?id=CVE-2017-9776

Integer overflow leading to Heap buffer overflow in JBIG2Stream.cc in pdftocairo in Poppler before 0.56 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document. Un desbordamiento de enteros que conduce a un desbordamiento de búfer basado en memoria dinámica (heap) en JBIG2Stream.cc en pdftocairo en Poppler en versiones anteriores a la 0.56 permite que atacantes remotos provoquen una denegación de servicio (cierre inesperado de la aplicación) o, posiblemente, cualquier otro tipo de problema mediante un documento PDF modificado. An integer overflow leading to heap-based buffer overflow was found in the poppler library. An attacker could create a malicious PDF file that would cause applications that use poppler (such as Evince) to crash, or potentially execute arbitrary code when opened. • http://www.securityfocus.com/bid/99240 https://access.redhat.com/errata/RHSA-2017:2550 https://access.redhat.com/errata/RHSA-2017:2551 https://bugs.freedesktop.org/show_bug.cgi?id=101541 https://www.debian.org/security/2018/dsa-4079 https://access.redhat.com/security/cve/CVE-2017-9776 https://bugzilla.redhat.com/show_bug.cgi?id=1466443 • CWE-190: Integer Overflow or Wraparound •

CVSS: 6.5EPSS: 0%CPEs: 13EXPL: 0

CVE-2017-9775 – poppler: Stack-buffer overflow in GfxState.cc

https://notcve.org/view.php?id=CVE-2017-9775

Stack buffer overflow in GfxState.cc in pdftocairo in Poppler before 0.56 allows remote attackers to cause a denial of service (application crash) via a crafted PDF document. Un desbordamiento de búfer basado en pila en JBIG2Stream.cc en pdftocairo en Poppler en versiones anteriores a la 0.56 permite que atacantes remotos provoquen una denegación de servicio (cierre inesperado de la aplicación) mediante un documento PDF modificado. A stack-based buffer overflow was found in the poppler library. An attacker could create a malicious PDF file that would cause applications that use poppler (such as Evince) to crash, or potentially execute arbitrary code when opened. • http://www.securityfocus.com/bid/99241 https://access.redhat.com/errata/RHSA-2017:2551 https://bugs.freedesktop.org/show_bug.cgi?id=101540 https://www.debian.org/security/2018/dsa-4079 https://access.redhat.com/security/cve/CVE-2017-9775 https://bugzilla.redhat.com/show_bug.cgi?id=1466442 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •

CVSS: 7.5EPSS: 27%CPEs: 39EXPL: 0

CVE-2017-7668 – httpd: ap_find_token() buffer overread

https://notcve.org/view.php?id=CVE-2017-7668

The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows ap_find_token() to search past the end of its input string. By maliciously crafting a sequence of request headers, an attacker may be able to cause a segmentation fault, or to force ap_find_token() to return an incorrect value. Los cambios en el análisis sintáctico estricto de HTTP añadidos en las versiones 2.2.32 y 2.4.24 de Apache httpd introdujeron un error en el análisis de listas de tokens. Esto permite que ap_find_token() busque más allá del final de la cadena de entrada. Un atacante puede conseguir causar un fallo de segmentación o forzar a que ap_find_token() devuelva un valor incorrecto mediante la manipulación de una secuencia de cabeceras de peticiones con fines maliciosos. • http://www.debian.org/security/2017/dsa-3896 http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html http://www.securityfocus.com/bid/99137 http://www.securitytracker.com/id/1038711 https://access.redhat.com/errata/RHSA-2017:2479 https://access.redhat.com/errata/RHSA-2017:2483 https://access.redhat.com/errata/RHSA-2017:3193 https://access.redhat.com/errata/RHSA-2017:3194 https://lists.apache.org/thread.html/55a068b6a5eec0b3198ae7d96a7cb412352d0ffa7716612c5af3745b%40%3Cdev.httpd. • CWE-122: Heap-based Buffer Overflow CWE-125: Out-of-bounds Read CWE-126: Buffer Over-read •

CVSS: 9.8EPSS: 1%CPEs: 35EXPL: 0

CVE-2017-3167 – httpd: ap_get_basic_auth_pw() authentication bypass

https://notcve.org/view.php?id=CVE-2017-3167

In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed. En Apache httpd, en versiones 2.2.x anteriores a la 2.2.33 y versiones 2.4.x anteriores a la 2.4.26, el uso de ap_get_basic_auth_pw() por parte de módulos de terceros fuera de la fase de autenticación puede dar lugar a que se omitan requisitos de autenticación.. It was discovered that the use of httpd's ap_get_basic_auth_pw() API function outside of the authentication phase could lead to authentication bypass. A remote attacker could possibly use this flaw to bypass required authentication if the API was used incorrectly by one of the modules used by httpd. • http://www.debian.org/security/2017/dsa-3896 http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html http://www.securityfocus.com/bid/99135 http://www.securitytracker.com/id/1038711 https://access.redhat.com/errata/RHSA-2017:2478 https://access.redhat.com/errata/RHSA-2017:2479 https://access.redhat.com/errata/RHSA-2017:2483 https://access.redhat.com/errata/RHSA-2017:3193 https://access.redhat.com/errata/RHSA-2017:3194 https://access.redhat.com/errata/RHS • CWE-287: Improper Authentication •