CVSS: 5.5EPSS: 0%CPEs: 11EXPL: 0CVE-2017-15121 – kernel: vfs: BUG in truncate_inode_pages_range() and fuse client
https://notcve.org/view.php?id=CVE-2017-15121
A non-privileged user is able to mount a fuse filesystem on RHEL 6 or 7 and crash a system if an application punches a hole in a file that does not end aligned to a page boundary. Un usuario sin privilegios puede montar un sistema de archivos en el espacio de usuario (FUSE) en RHEL 6 o 7 y provocar el cierre inesperado del sistema si una aplicación hace un agujero en un archivo que no termina alineado con un límite de página. • http://www.securityfocus.com/bid/102128 https://access.redhat.com/errata/RHSA-2018:0676 https://access.redhat.com/errata/RHSA-2018:1062 https://access.redhat.com/errata/RHSA-2018:1854 https://bugzilla.redhat.com/show_bug.cgi?id=1520893 https://support.f5.com/csp/article/K42142782?utm_source=f5support&%3Butm_medium=RSS https://access.redhat.com/security/cve/CVE-2017-15121 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 2%CPEs: 58EXPL: 0CVE-2017-15095 – jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-7525)
https://notcve.org/view.php?id=CVE-2017-15095
A deserialization flaw was discovered in the jackson-databind in versions before 2.8.10 and 2.9.1, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. This issue extends the previous flaw CVE-2017-7525 by blacklisting more classes that could be used maliciously. Se ha descubierto un error de deserialización en jackson-databind, en versiones anteriores a la 2.8.10 y a la 2.9.1, que podría permitir que un usuario no autenticado ejecute código enviando las entradas maliciosamente manipuladas al método readValue de ObjectMapper. Este problema amplía el error previo de CVE-2017-7525 metiendo en la lista negra más clases que podrían emplearse de forma maliciosa. A deserialization flaw was discovered in the jackson-databind which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. • http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html http://www.securityfocus.com/bid/103880 http://www.securitytracker.com/id/1039769 https://access.redhat.com/errata/RHSA-2017:3189 https://access.redhat.com/errata/RHSA-2017:3190 https://access.redhat.com/errata/RHSA-2018:0342 https://access.redhat.com/errata/RHSA-2018: • CWE-184: Incomplete List of Disallowed Inputs CWE-502: Deserialization of Untrusted Data •
CVSS: 7.4EPSS: 0%CPEs: 33EXPL: 0CVE-2017-12613 – apr: Out-of-bounds array deref in apr_time_exp*() functions
https://notcve.org/view.php?id=CVE-2017-12613
When apr_time_exp*() or apr_os_exp_time*() functions are invoked with an invalid month field value in Apache Portable Runtime APR 1.6.2 and prior, out of bounds memory may be accessed in converting this value to an apr_time_exp_t value, potentially revealing the contents of a different static heap value or resulting in program termination, and may represent an information disclosure or denial of service vulnerability to applications which call these APR functions with unvalidated external input. Cuando las funciones apr_time_exp*() o apr_os_exp_time*() se invocan con un valor del campo no válido en Apache Portable Runtime APR 1.6.2 y anteriores, se podría acceder a la memoria fuera de límites convirtiendo este valor en un valor apr_time_exp_t, revelando potencialmente el contenido de otro valor de memoria dinámica estática. También podría desembocar en la terminación del programa, representando una vulnerabilidad de divulgación de información o de denegación de servicio en aplicaciones que llaman a esas funciones APR con entradas externas no validadas. An out-of-bounds array dereference was found in apr_time_exp_get(). An attacker could abuse an unvalidated usage of this function to cause a denial of service or potentially lead to data leak. • http://www.apache.org/dist/apr/Announcement1.x.html http://www.openwall.com/lists/oss-security/2021/08/23/1 http://www.securityfocus.com/bid/101560 http://www.securitytracker.com/id/1042004 https://access.redhat.com/errata/RHSA-2017:3270 https://access.redhat.com/errata/RHSA-2017:3475 https://access.redhat.com/errata/RHSA-2017:3476 https://access.redhat.com/errata/RHSA-2017:3477 https://access.redhat.com/errata/RHSA-2018:0316 https://access.redhat.com/errata/RHSA • CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 0%CPEs: 23EXPL: 0CVE-2017-7793 – Mozilla: Use-after-free with Fetch API (MFSA 2017-22)
https://notcve.org/view.php?id=CVE-2017-7793
A use-after-free vulnerability can occur in the Fetch API when the worker or the associated window are freed when still in use, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4. Puede ocurrir una vulnerabilidad de uso de memoria previamente liberada en la API Fetch cuando el trabajador o la ventana asociada se liberan mientras siguen en uso, lo que resulta en un cierre inesperado potencialmente explotable. La vulnerabilidad afecta a Firefox en versiones anteriores a la 56, Firefox ESR en versiones anteriores a la 52.4 y Thunderbird en versiones anteriores a la 52.4. • http://www.securityfocus.com/bid/101055 http://www.securitytracker.com/id/1039465 https://access.redhat.com/errata/RHSA-2017:2831 https://access.redhat.com/errata/RHSA-2017:2885 https://bugzilla.mozilla.org/show_bug.cgi?id=1371889 https://lists.debian.org/debian-lts-announce/2017/11/msg00000.html https://security.gentoo.org/glsa/201803-14 https://www.debian.org/security/2017/dsa-3987 https://www.debian.org/security/2017/dsa-4014 https://www.mozilla.org/security/advisor • CWE-416: Use After Free •
CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0CVE-2017-2582 – keycloak: SAML request parser replaces special strings with system properties
https://notcve.org/view.php?id=CVE-2017-2582
It was found that while parsing the SAML messages the StaxParserUtil class of keycloak before 2.5.1 replaces special strings for obtaining attribute values with system property. This could allow an attacker to determine values of system properties at the attacked system by formatting the SAML request ID field to be the chosen system property which could be obtained in the "InResponseTo" field in the response. Se ha descubierto que cuando se analizan los mensajes SAML, la clase StaxParserUtil de keycloak en versiones anteriores a la 2.5.1 reemplaza cadenas especiales para obtener valores de atributos con la propiedad del sistema. Esto podría permitir que un atacante determine valores de las propiedades del sistema en el sistema atacado formateando el campo ID de petición SAML para que sea la propiedad del sistema elegida, la cual se puede obtener en el campo "InResponseTO" en la respuesta. It was found that while parsing the SAML messages the StaxParserUtil class of Picketlink replaces special strings for obtaining attribute values with system property. • http://www.securityfocus.com/bid/101046 http://www.securitytracker.com/id/1041707 https://access.redhat.com/errata/RHSA-2017:2808 https://access.redhat.com/errata/RHSA-2017:2809 https://access.redhat.com/errata/RHSA-2017:2810 https://access.redhat.com/errata/RHSA-2017:2811 https://access.redhat.com/errata/RHSA-2017:3216 https://access.redhat.com/errata/RHSA-2017:3217 https://access.redhat.com/errata/RHSA-2017:3218 https://access.redhat.com/errata/RHSA-2017:3219 https: • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-201: Insertion of Sensitive Information Into Sent Data •