Page 46 of 550 results (0.023 seconds)

CVSS: 7.6EPSS: 0%CPEs: 13EXPL: 1

CVE-2017-10661 – Linux kernel < 4.10.15 - Race Condition Privilege Escalation

https://notcve.org/view.php?id=CVE-2017-10661

Race condition in fs/timerfd.c in the Linux kernel before 4.10.15 allows local users to gain privileges or cause a denial of service (list corruption or use-after-free) via simultaneous file-descriptor operations that leverage improper might_cancel queueing. Una condición de carrera en fs/timerfd.c en el kernel Linux en versiones anteriores a la 4.10.15 permite que usuarios locales obtengan privilegios o provoquen una denegación de servicio (corrupción de lista o use-after-free) mediante operaciones simultáneas de descriptor de archivo que aprovechan la cola inadecuada might_cancel. A race condition was found in the Linux kernel before version 4.11-rc1 in 'fs/timerfd.c' file which allows a local user to cause a kernel list corruption or use-after-free via simultaneous operations with a file descriptor which leverage improper 'might_cancel' queuing. An unprivileged local user could use this flaw to cause a denial of service of the system. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely. • https://www.exploit-db.com/exploits/43345 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1e38da300e1e395a15048b0af1e5305bd91402f6 http://www.debian.org/security/2017/dsa-3981 http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.10.15 http://www.securityfocus.com/bid/100215 https://access.redhat.com/errata/RHSA-2018:3083 https://access.redhat.com/errata/RHSA-2018:3096 https://access.redhat.com/errata/RHSA-2019:4057 https://access.redhat.com/e • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •

CVSS: 10.0EPSS: 0%CPEs: 13EXPL: 0

CVE-2017-1000116 – mercurial: command injection on clients through malicious ssh URLs

https://notcve.org/view.php?id=CVE-2017-1000116

Mercurial prior to 4.3 did not adequately sanitize hostnames passed to ssh, leading to possible shell-injection attacks. Las versiones anteriores a la 4.3 de Mercurial no sanitizaban adecuadamente los nombres de host pasados a ssh, lo que conducía a posibles ataques de inyección de shell. A shell command injection flaw related to the handling of "ssh" URLs has been discovered in Mercurial. This can be exploited to execute shell commands with the privileges of the user running the Mercurial client, for example, when performing a "checkout" or "update" action on a sub-repository within a malicious repository or a legitimate repository containing a malicious commit. • http://www.debian.org/security/2017/dsa-3963 http://www.securityfocus.com/bid/100290 https://access.redhat.com/errata/RHSA-2017:2489 https://security.gentoo.org/glsa/201709-18 https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.3_.2F_4.3.1_.282017-08-10.29 https://access.redhat.com/security/cve/CVE-2017-1000116 https://bugzilla.redhat.com/show_bug.cgi?id=1479915 • CWE-20: Improper Input Validation CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 7.5EPSS: 1%CPEs: 13EXPL: 0

CVE-2017-1000115 – Mercurial: pathaudit: path traversal via symlink

https://notcve.org/view.php?id=CVE-2017-1000115

Mercurial prior to version 4.3 is vulnerable to a missing symlink check that can malicious repositories to modify files outside the repository Las versiones anteriores a la 4.3 de Mercurial son vulnerables a una falta de comprobación de symlink. Los repositorios maliciosos pueden aprovecharse de esto para modificar archivos fuera del repositorio. A vulnerability was found in the way Mercurial handles path auditing and caches the results. An attacker could abuse a repository with a series of commits mixing symlinks and regular files/directories to trick Mercurial into writing outside of a given repository. • http://www.debian.org/security/2017/dsa-3963 http://www.securityfocus.com/bid/100290 https://access.redhat.com/errata/RHSA-2017:2489 https://security.gentoo.org/glsa/201709-18 https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.3_.2F_4.3.1_.282017-08-10.29 https://access.redhat.com/security/cve/CVE-2017-1000115 https://bugzilla.redhat.com/show_bug.cgi?id=1480330 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVSS: 9.8EPSS: 0%CPEs: 10EXPL: 3

CVE-2017-2885 – libsoup: Stack based buffer overflow with HTTP Chunked Encoding

https://notcve.org/view.php?id=CVE-2017-2885

An exploitable stack based buffer overflow vulnerability exists in the GNOME libsoup 2.58. A specially crafted HTTP request can cause a stack overflow resulting in remote code execution. An attacker can send a special HTTP request to the vulnerable server to trigger this vulnerability. Existe una vulnerabilidad explotable de desbordamiento de búfer basado en pila en GNOME libsoup 2.58. Una petición HTTP especialmente manipulada puede provocar un desbordamiento de pila que daría lugar a la ejecución remota de código. • http://packetstormsecurity.com/files/160388/ProCaster-LE-32F430-GStreamer-souphttpsrc-libsoup-2.51.3-Stack-Overflow.html http://seclists.org/fulldisclosure/2020/Dec/3 http://www.securityfocus.com/bid/100258 https://access.redhat.com/errata/RHSA-2017:2459 https://www.debian.org/security/2017/dsa-3929 https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0392 https://access.redhat.com/security/cve/CVE-2017-2885 https://bugzilla.redhat.com/show_bug.cgi?id=1479281 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •

CVSS: 7.8EPSS: 0%CPEs: 26EXPL: 0

CVE-2017-1000111 – kernel: Heap out-of-bounds read in AF_PACKET sockets

https://notcve.org/view.php?id=CVE-2017-1000111

Linux kernel: heap out-of-bounds in AF_PACKET sockets. This new issue is analogous to previously disclosed CVE-2016-8655. In both cases, a socket option that changes socket state may race with safety checks in packet_set_ring. Previously with PACKET_VERSION. This time with PACKET_RESERVE. • http://www.debian.org/security/2017/dsa-3981 http://www.securityfocus.com/bid/100267 http://www.securitytracker.com/id/1039132 https://access.redhat.com/errata/RHSA-2017:2918 https://access.redhat.com/errata/RHSA-2017:2930 https://access.redhat.com/errata/RHSA-2017:2931 https://access.redhat.com/errata/RHSA-2017:3200 https://access.redhat.com/security/cve/cve-2017-1000111 https://access.redhat.com/security/cve/CVE-2017-1000111 https://bugzilla.redhat.com/show_bug.cgi • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-787: Out-of-bounds Write •