CVSS: 10.0EPSS: 95%CPEs: 66EXPL: 0CVE-2017-18017 – kernel: netfilter: use-after-free in tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c
https://notcve.org/view.php?id=CVE-2017-18017
The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action. La función tcpmss_mangle_packet en net/netfilter/xt_TCPMSS.c en el kernel de Linux, en versiones anteriores a la 4.11 y en versiones 4.9.x anteriores a la 4.9.36, permite que atacantes remotos provoquen una denegación de servicio (uso de memoria previamente liberada y corrupción de memoria) o, posiblemente, otro tipo de impacto sin especificar aprovechando la presencia de xt_TCPMSS en una acción iptables. The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2638fd0f92d4397884fd991d8f4925cb3f081901 http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00013.html http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00015.html http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00038.html http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00047.html http://lists.opensuse.org • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-416: Use After Free •
CVSS: 10.0EPSS: 0%CPEs: 13EXPL: 0CVE-2017-10906 – fluentd: Escape sequence injection in filter_parser.rb:filter_stream can lead to arbitrary command execution when processing logs
https://notcve.org/view.php?id=CVE-2017-10906
Escape sequence injection vulnerability in Fluentd versions 0.12.29 through 0.12.40 may allow an attacker to change the terminal UI or execute arbitrary commands on the device via unspecified vectors. Una vulnerabilidad de inyección de secuencias de escape en Fluentd en las versiones 0.12.29 hasta la 0.12.40 podría permitir que un atacante cambie la interfaz de usuario del terminal o ejecute comandos arbitrarios en el dispositivo mediante vectores sin especificar. • https://access.redhat.com/errata/RHSA-2018:2225 https://github.com/fluent/fluentd/blob/v0.12/CHANGELOG.md#bug-fixes https://github.com/fluent/fluentd/pull/1733 https://jvn.jp/en/vu/JVNVU95124098/index.html https://access.redhat.com/security/cve/CVE-2017-10906 https://bugzilla.redhat.com/show_bug.cgi?id=1524783 • CWE-138: Improper Neutralization of Special Elements •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2017-15114
https://notcve.org/view.php?id=CVE-2017-15114
When libvirtd is configured by OSP director (tripleo-heat-templates) to use the TLS transport it defaults to the same certificate authority as all non-libvirtd services. As no additional authentication is configured this allows these services to connect to libvirtd (which is equivalent to root access). If a vulnerability exists in another service it could, combined with this flaw, be exploited to escalate privileges to gain control over compute nodes. Cuando libvirtd es configurado por OSP director (tripleo-heat-templates) para usar el transporte TLS, vuelve por defecto a la misma autoridad de certificado que todos los servicios que no pertenecen a libvirtd. Como no se configura autenticación adicional, esto permite que esos servicios se conecten a libvirtd (lo que equivale al acceso root). • http://www.securityfocus.com/bid/101971 https://git.openstack.org/cgit/openstack/tripleo-heat-templates/commit/?id=994922a8ba996fe68d047df0e1486fa805dbea31 • CWE-295: Improper Certificate Validation •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-2121 – redis: weak permissions on sensitive files
https://notcve.org/view.php?id=CVE-2016-2121
A permissions flaw was found in redis, which sets weak permissions on certain files and directories that could potentially contain sensitive information. A local, unprivileged user could possibly use this flaw to access unauthorized system information. Se ha detectado un error de permisos en redis, lo que establece permisos débiles en ciertos archivos y directorios que podrían contener información sensible. Un usuario local sin privilegios podría emplear este error para acceder a información no autorizada del sistema. • http://www.securityfocus.com/bid/94111 https://access.redhat.com/errata/RHSA-2017:3226 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-2121 https://access.redhat.com/security/cve/CVE-2016-2121 https://bugzilla.redhat.com/show_bug.cgi?id=1390588 • CWE-264: Permissions, Privileges, and Access Controls CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 6.5EPSS: 0%CPEs: 28EXPL: 0CVE-2017-10384 – mysql: Server: DDL unspecified vulnerability (CPU Oct 2017)
https://notcve.org/view.php?id=CVE-2017-10384
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.57 and earlier 5.6.37 and earlier 5.7.19 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). • http://www.debian.org/security/2017/dsa-4002 http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html http://www.securityfocus.com/bid/101406 http://www.securitytracker.com/id/1039597 https://access.redhat.com/errata/RHSA-2017:3265 https://access.redhat.com/errata/RHSA-2017:3442 https://access.redhat.com/errata/RHSA-2018:0279 https://access.redhat.com/errata/RHSA-2018:0574 https://access.redhat.com/errata/RHSA-2018:2439 https://access.redhat.com/errata/RH •