CVSS: 5.9EPSS: 0%CPEs: 12EXPL: 0CVE-2017-7543 – openstack-neutron: iptables not active after update
https://notcve.org/view.php?id=CVE-2017-7543
A race-condition flaw was discovered in openstack-neutron before 7.2.0-12.1, 8.x before 8.3.0-11.1, 9.x before 9.3.1-2.1, and 10.x before 10.0.2-1.1, where, following a minor overcloud update, neutron security groups were disabled. Specifically, the following were reset to 0: net.bridge.bridge-nf-call-ip6tables and net.bridge.bridge-nf-call-iptables. The race was only triggered by an update, at which point an attacker could access exposed tenant VMs and network resources. Se ha descubierto una condición de carrera en openstack-neutron en versiones anteriores a la 7.2.0-12.1, 8.x anteriores a la 8.3.0-11.1, 9.x anteriores a la 9.3.1-2.1 y 10.x anteriores a la 10.0.2-1.1, cuando, siguiendo a una actualización overcloud menor, los grupos de seguridad neutron estaban deshabilitados. De manera específica, lo siguiente se ha reiniciado a 0: net.bridge.bridge-nf-call-ip6tables y net.bridge.bridge-nf-call-iptables. • http://www.securityfocus.com/bid/100237 https://access.redhat.com/errata/RHSA-2017:2447 https://access.redhat.com/errata/RHSA-2017:2448 https://access.redhat.com/errata/RHSA-2017:2449 https://access.redhat.com/errata/RHSA-2017:2450 https://access.redhat.com/errata/RHSA-2017:2451 https://access.redhat.com/errata/RHSA-2017:2452 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7543 https://access.redhat.com/security/cve/CVE-2017-7543 https://bugzilla.redhat.com/sh • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.5EPSS: 4%CPEs: 25EXPL: 0CVE-2017-10664 – Qemu: qemu-nbd: server breaks with SIGPIPE upon client abort
https://notcve.org/view.php?id=CVE-2017-10664
qemu-nbd in QEMU (aka Quick Emulator) does not ignore SIGPIPE, which allows remote attackers to cause a denial of service (daemon crash) by disconnecting during a server-to-client reply attempt. qemu-nbd en QEMU (Quick Emulator) no ignora la señal SIGPIPE, lo que permite a atacantes remotos provocar una denegación de servicio desconectando el proceso durante un intento de respuesta de servidor a cliente. Quick Emulator (QEMU) built with the Network Block Device (NBD) Server support is vulnerable to a crash via a SIGPIPE signal. The crash can occur if a client aborts a connection due to any failure during negotiation or read operation. A remote user/process could use this flaw to crash the qemu-nbd server resulting in a Denial of Service (DoS). • http://www.debian.org/security/2017/dsa-3920 http://www.openwall.com/lists/oss-security/2017/06/29/1 http://www.securityfocus.com/bid/99513 https://access.redhat.com/errata/RHSA-2017:2390 https://access.redhat.com/errata/RHSA-2017:2445 https://access.redhat.com/errata/RHSA-2017:3466 https://access.redhat.com/errata/RHSA-2017:3470 https://access.redhat.com/errata/RHSA-2017:3471 https://access.redhat.com/errata/RHSA-2017:3472 https://access.redhat.com/errata/RH • CWE-248: Uncaught Exception •
CVSS: 3.5EPSS: 0%CPEs: 20EXPL: 0CVE-2017-3653 – mysql: Server: DDL unspecified vulnerability (CPU Jul 2017)
https://notcve.org/view.php?id=CVE-2017-3653
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 3.1 (Integrity impacts). • http://www.debian.org/security/2017/dsa-3922 http://www.debian.org/security/2017/dsa-3944 http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html http://www.securityfocus.com/bid/99810 http://www.securitytracker.com/id/1038928 https://access.redhat.com/errata/RHSA-2017:2787 https://access.redhat.com/errata/RHSA-2017:2886 https://access.redhat.com/errata/RHSA-2018:0279 https://access.redhat.com/errata/RHSA-2018:0574 https://access.redhat.com/errata/RHSA& •
CVSS: 5.3EPSS: 0%CPEs: 16EXPL: 0CVE-2017-3636 – mysql: Client programs unspecified vulnerability (CPU Jul 2017)
https://notcve.org/view.php?id=CVE-2017-3636
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.56 and earlier and 5.6.36 and earlier. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Confidentiality, Integrity and Availability impacts). • http://www.debian.org/security/2017/dsa-3922 http://www.debian.org/security/2017/dsa-3944 http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html http://www.securityfocus.com/bid/99736 http://www.securitytracker.com/id/1038928 https://access.redhat.com/errata/RHSA-2017:2787 https://access.redhat.com/errata/RHSA-2018:0279 https://access.redhat.com/errata/RHSA-2018:0574 https://access.redhat.com/errata/RHSA-2018:2439 https://access.redhat.com/errata/RHSA& •
CVSS: 4.3EPSS: 0%CPEs: 20EXPL: 0CVE-2017-3651 – mysql: Client mysqldump unspecified vulnerability (CPU Jul 2017)
https://notcve.org/view.php?id=CVE-2017-3651
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). • http://rhn.redhat.com/errata/RHSA-2016-2927.html http://rhn.redhat.com/errata/RHSA-2016-2928.html http://www.debian.org/security/2017/dsa-3922 http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html http://www.securityfocus.com/bid/99802 http://www.securitytracker.com/id/1038928 https://access.redhat.com/errata/RHSA-2017:2192 https://access.redhat.com/errata/RHSA-2017:2787 https://access.redhat.com/errata/RHSA-2017:2886 https://access.redhat.com/errat •