CVSS: 4.9 • EPSS: 0% • CPEs: 17 • EXPL: 0

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). • http://www.debian.org/security/2017/dsa-3922 http://www.debian.org/security/2017/dsa-3944 http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html http://www.securityfocus.com/bid/99767 http://www.securitytracker.com/id/1038928 https://access.redhat.com/errata/RHSA-2017:2787 https://access.redhat.com/errata/RHSA-2017:2886 https://access.redhat.com/errata/RHSA-2018:0279 https://access.redhat.com/errata/RHSA-2018:0574 https://access.redhat.com/errata/RHSA& •

CVSS: 5.9 • EPSS: 0% • CPEs: 1 • EXPL: 0

An accessibility flaw was found in the OpenStack Workflow (mistral) service where a service log directory was improperly made world readable. A malicious system user could exploit this flaw to access sensitive information. • https://access.redhat.com/errata/RHSA-2017:1584 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2622 https://access.redhat.com/security/cve/CVE-2017-2622 https://bugzilla.redhat.com/show_bug.cgi?id=1420992 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-552: Files or Directories Accessible to External Parties •

CVSS: 7.2 • EPSS: 0% • CPEs: 2 • EXPL: 1

An authorization-check flaw was discovered in federation configurations of the OpenStack Identity service (keystone). An authenticated federated user could request permissions to a project and unintentionally be granted all related roles including administrative roles. • http://seclists.org/oss-sec/2017/q2/125 http://www.securityfocus.com/bid/98032 https://access.redhat.com/errata/RHSA-2017:1461 https://access.redhat.com/errata/RHSA-2017:1597 https://bugs.launchpad.net/keystone/+bug/1677723 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2673 https://access.redhat.com/security/cve/CVE-2017-2673 https://bugzilla.redhat.com/show_bug.cgi?id=1439586 • CWE-863: Incorrect Authorization •

CVSS: 9.8 • EPSS: 1% • CPEs: 12 • EXPL: 0

In Open vSwitch (OvS) 2.7.0, while parsing an OFPT_QUEUE_GET_CONFIG_REPLY type OFP 1.0 message, there is a buffer over-read that is caused by an unsigned integer underflow in the function `ofputil_pull_queue_get_config_reply10` in `lib/ofp-util.c`. An unsigned integer wrap around that led to a buffer over-read was found when parsing OFPT_QUEUE_GET_CONFIG_REPLY messages in Open vSwitch (OvS). An attacker could use this issue to cause a remote denial of service attack. • https://access.redhat.com/errata/RHSA-2017:2418 https://access.redhat.com/errata/RHSA-2017:2553 https://access.redhat.com/errata/RHSA-2017:2648 https://access.redhat.com/errata/RHSA-2017:2665 https://access.redhat.com/errata/RHSA-2017:2692 https://access.redhat.com/errata/RHSA-2017:2698 https://access.redhat.com/errata/RHSA-2017:2727 https://lists.debian.org/debian-lts-announce/2021/02/msg00032.html https://mail.openvswitch.org/pipermail/ovs-dev/2017-May/332711.html https • CWE-190: Integer Overflow or Wraparound CWE-191: Integer Underflow (Wrap or Wraparound) •

CVSS: 8.5 • EPSS: 0% • CPEs: 3 • EXPL: 0

Ansible before version 2.3 has an input validation vulnerability in the handling of data sent from client systems. An attacker with control over a client system being managed by Ansible, and the ability to send facts back to the Ansible server, could use this flaw to execute arbitrary code on the Ansible server using the Ansible server privileges. An input validation vulnerability was found in Ansible's handling of data sent from client systems. • http://www.securityfocus.com/bid/97595 https://access.redhat.com/errata/RHSA-2017:1244 https://access.redhat.com/errata/RHSA-2017:1334 https://access.redhat.com/errata/RHSA-2017:1476 https://access.redhat.com/errata/RHSA-2017:1499 https://access.redhat.com/errata/RHSA-2017:1599 https://access.redhat.com/errata/RHSA-2017:1685 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7466 https://access.redhat.com/security/cve/CVE-2017-7466 https://bugzilla.redhat.com/sho • CWE-20: Improper Input Validation •