CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2017-6594
https://notcve.org/view.php?id=CVE-2017-6594
The transit path validation code in Heimdal before 7.3 might allow attackers to bypass the capath policy protection mechanism by leveraging failure to add the previous hop realm to the transit path of issued tickets. El código de validación de ruta de tránsito en Heimdal en versiones anteriores a la 7.3 podría permitir que atacantes omitan el mecanismo de protección de política capath aprovechándose del error a la hora de añadir el dominio de salto anterior a la ruta de tránsito de tickets emitidos. • http://lists.opensuse.org/opensuse-updates/2017-08/msg00062.html http://www.h5l.org/advisories.html?show=2017-04-13 https://github.com/heimdal/heimdal/commit/b1e699103f08d6a0ca46a122193c9da65f6cf837 https://github.com/heimdal/heimdal/releases/tag/heimdal-7.3.0 • CWE-295: Improper Certificate Validation •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 2CVE-2017-8871 – libcroco 0.6.12 - Denial of Service
https://notcve.org/view.php?id=CVE-2017-8871
The cr_parser_parse_selector_core function in cr-parser.c in libcroco 0.6.12 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted CSS file. La función cr_parser_parse_selector_core en el archivo cr-parser.c en libcroco versión 0.6.12 permite a los atacantes remotos causar una denegación de servicio (bucle infinito y consumo de la CPU) por medio de un archivo CSS creado. • https://www.exploit-db.com/exploits/42147 http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00043.html http://www.openwall.com/lists/oss-security/2020/08/13/3 https://bugzilla.gnome.org/show_bug.cgi?id=782649 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 2CVE-2017-8834 – Libcroco 0.6.12 Denial Of Service
https://notcve.org/view.php?id=CVE-2017-8834
The cr_tknzr_parse_comment function in cr-tknzr.c in libcroco 0.6.12 allows remote attackers to cause a denial of service (memory allocation error) via a crafted CSS file. La función cr_tknzr_parse_comment en el archivo cr-tknzr.c en libcroco versión 0.6.12 permite a los atacantes remotos causar una denegación de servicio (error de asignación de memoria) por medio de un archivo CSS creado. The cr_tknzr_parse_comment function in cr-tknzr.c in libcroco version 0.6.12 can cause a denial of service (memory allocation error) via a crafted CSS file. • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00043.html http://www.openwall.com/lists/oss-security/2020/08/13/3 https://bugzilla.gnome.org/show_bug.cgi?id=782647 https://www.exploit-db.com/exploits/42147 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 22EXPL: 0CVE-2017-17806 – kernel: HMAC implementation does not validate that the underlying cryptographic hash algorithm is unkeyed allowing local attackers to cause denial-of-service
https://notcve.org/view.php?id=CVE-2017-17806
The HMAC implementation (crypto/hmac.c) in the Linux kernel before 4.14.8 does not validate that the underlying cryptographic hash algorithm is unkeyed, allowing a local attacker able to use the AF_ALG-based hash interface (CONFIG_CRYPTO_USER_API_HASH) and the SHA-3 hash algorithm (CONFIG_CRYPTO_SHA3) to cause a kernel stack buffer overflow by executing a crafted sequence of system calls that encounter a missing SHA-3 initialization. La implementación HMAC (crypto/hmac.c) en el kernel de Linux en versiones anteriores a la 4.14.8 no valida que el algoritmo de hash criptográfico subyacente no tenga clave, lo que permite que un atacante local capaz de utilizar la interfaz hash basada en AF_ALG (CONFIG_CRYPTO_USER_API_HASH) y el algoritmo hash basado en SHA-3 (CONFIG_CRYPTO_SHA3) provoque un desbordamiento de búfer de pila de kernel ejecutando una secuencia manipulada de llamadas al sistema para encontrar una inicialización SHA-3 ausente. The HMAC implementation (crypto/hmac.c) in the Linux kernel, before 4.14.8, does not validate that the underlying cryptographic hash algorithm is unkeyed. This allows a local attacker, able to use the AF_ALG-based hash interface (CONFIG_CRYPTO_USER_API_HASH) and the SHA-3 hash algorithm (CONFIG_CRYPTO_SHA3), to cause a kernel stack buffer overflow by executing a crafted sequence of system calls that encounter a missing SHA-3 initialization. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=af3ff8045bbf3e32f1a448542e73abb4c8ceb6f1 http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00016.html http://www.securityfocus. • CWE-391: Unchecked Error Condition CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 22EXPL: 0CVE-2017-17805 – kernel: Salsa20 encryption algorithm does not correctly handle zero-length inputs allowing local attackers to cause denial-of-service
https://notcve.org/view.php?id=CVE-2017-17805
The Salsa20 encryption algorithm in the Linux kernel before 4.14.8 does not correctly handle zero-length inputs, allowing a local attacker able to use the AF_ALG-based skcipher interface (CONFIG_CRYPTO_USER_API_SKCIPHER) to cause a denial of service (uninitialized-memory free and kernel crash) or have unspecified other impact by executing a crafted sequence of system calls that use the blkcipher_walk API. Both the generic implementation (crypto/salsa20_generic.c) and x86 implementation (arch/x86/crypto/salsa20_glue.c) of Salsa20 were vulnerable. El algoritmo de cifrado Salsa20 en el kernel de Linux en versiones anteriores a la 4.14.8 no maneja correctamente las entradas de longitud cero, lo que permite a un atacante local capaz de utilizar la interfaz skcipher basada en AF_ALG (CONFIG_CRYPTO_USER_API_SKCIPHER) provocar una denegación de servicio (liberación de memoria no inicializada y fallo del kernel) o provocar otro impacto no especificado ejecutando una secuencia manipulada de llamadas al sistema que utilizan la API blkcipher_walk. Tanto la implementación genérica (crypto/salsa20_generic.c) como la implementación x86 (arch/x86/crypto/salsa20_glue.c) de Salsa20 eran vulnerables. The Salsa20 encryption algorithm in the Linux kernel, before 4.14.8, does not correctly handle zero-length inputs. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ecaaab5649781c5a0effdaf298a925063020500e http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00016.html http://www.securityfocus. • CWE-20: Improper Input Validation •