CVSS: 6.8EPSS: 1%CPEs: 85EXPL: 0CVE-2017-13084 – Slackware Security Advisory - wpa_supplicant Updates
https://notcve.org/view.php?id=CVE-2017-13084
16 Oct 2017 — Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Station-To-Station-Link (STSL) Transient Key (STK) during the PeerKey handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames. Wi-Fi Protected Access (WPA y WPA2) permite la reinstalación de la clave STK (Transient Key) STSL (Station-To-Station-Link) durante la negociación PeerKey, haciendo que un atacante que se sitúe dentro del radio reproduzca, descifre o suplante frames. New wpa_supplicant packages are avai... • http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt • CWE-323: Reusing a Nonce, Key Pair in Encryption CWE-330: Use of Insufficiently Random Values •
CVSS: 8.1EPSS: 0%CPEs: 85EXPL: 0CVE-2017-13088 – wpa_supplicant: reinstallation of the integrity group key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame
https://notcve.org/view.php?id=CVE-2017-13088
16 Oct 2017 — Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows reinstallation of the Integrity Group Temporal Key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame, allowing an attacker within radio range to replay frames from access points to clients. Wi-Fi Protected Access (WPA y WPA2) que soporte IEEE 802.11v permite la reinstalación de la clave temporal GTK (Integrity Group Temporal Key) cuando se procesa un frame Wireless Network Management (WNM) Sleep Mode Respons... • http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00020.html • CWE-323: Reusing a Nonce, Key Pair in Encryption CWE-330: Use of Insufficiently Random Values •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-15037
https://notcve.org/view.php?id=CVE-2017-15037
05 Oct 2017 — In FreeBSD through 11.1, the smb_strdupin function in sys/netsmb/smb_subr.c has a race condition with a resultant out-of-bounds read, because it can cause t2p->t_name strings to lack a final '\0' character. En FreeBSD hasta la versión 11.1, la función smb_strdupin en sys/netsmb/smb_subr.c tiene una condición de carrera con una lectura fuera de límites porque puede hace que les falten el carácter "\0" a las cadenas t2p->t_name. • http://www.securityfocus.com/bid/101191 • CWE-125: Out-of-bounds Read CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 8.1EPSS: 5%CPEs: 10EXPL: 0CVE-2017-11103 – Apple Security Advisory 2017-10-31-2
https://notcve.org/view.php?id=CVE-2017-11103
13 Jul 2017 — Heimdal before 7.4 allows remote attackers to impersonate services with Orpheus' Lyre attacks because it obtains service-principal names in a way that violates the Kerberos 5 protocol specification. In _krb5_extract_ticket() the KDC-REP service name must be obtained from the encrypted version stored in 'enc_part' instead of the unencrypted version stored in 'ticket'. Use of the unencrypted version provides an opportunity for successful server impersonation and other attacks. NOTE: this CVE is only for Heimd... • http://www.debian.org/security/2017/dsa-3912 • CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 7.8EPSS: 38%CPEs: 1EXPL: 5CVE-2017-1084 – FreeBSD - 'FGPE' Stack Clash (PoC)
https://notcve.org/view.php?id=CVE-2017-1084
29 Jun 2017 — In FreeBSD before 11.2-RELEASE, multiple issues with the implementation of the stack guard-page reduce the protections afforded by the guard-page. This results in the possibility a poorly written process could be cause a stack overflow. En FreeBSD en versiones anteriores a la 11.2-RELEASE, múltiples problemas con la implementación de la página guard de la pila reducen las protecciones de la página guard. Esto resulta en la posibilidad de que un proceso mal escrito provoque un desbordamiento de pila. • https://packetstorm.news/files/id/143199 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 3CVE-2017-1085 – FreeBSD - 'setrlimit' Stack Clash (PoC)
https://notcve.org/view.php?id=CVE-2017-1085
29 Jun 2017 — In FreeBSD before 11.2-RELEASE, an application which calls setrlimit() to increase RLIMIT_STACK may turn a read-only memory region below the stack into a read-write region. A specially crafted executable could be exploited to execute arbitrary code in the user context. En FreeBSD en versiones anteriores a la 11.2-RELEASE, una aplicación que llama a setrlimit() para incrementar RLIMIT_STACK podría hacer que una región de memoria de solo lectura bajo la pila pase a ser una región de lectura y escritura. Un ej... • https://packetstorm.news/files/id/143197 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2017-1083 – Qualys Security Advisory - the Stack Clash
https://notcve.org/view.php?id=CVE-2017-1083
20 Jun 2017 — In FreeBSD before 11.2-RELEASE, a stack guard-page is available but is disabled by default. This results in the possibility a poorly written process could be cause a stack overflow. En FreeBSD en versiones anteriores a la 11.2-RELEASE, una página guard de pila está disponible, pero está deshabilitada por defecto. Esto resulta en la posibilidad de que un proceso mal escrito provoque un desbordamiento de pila Qualys has released a large amount of research surrounding the use of stack clash vulnerabilities and... • https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 3%CPEs: 4EXPL: 0CVE-2017-1081 – FreeBSD Security Advisory - FreeBSD-SA-17:04.ipfilter
https://notcve.org/view.php?id=CVE-2017-1081
27 Apr 2017 — In FreeBSD before 11.0-STABLE, 11.0-RELEASE-p10, 10.3-STABLE, and 10.3-RELEASE-p19, ipfilter using "keep state" or "keep frags" options can cause a kernel panic when fed specially crafted packet fragments due to incorrect memory handling. En FreeBSD, en versiones anteriores a la 11.0-STABLE, 11.0-RELEASE-p10, 10.3-STABLE y 10.3-RELEASE-p19, cuando ipfilter emplea las opciones "keep state" o "keep frags", puede provocar un pánico del kernel cuando se le alimentan fragmentos de paquetes manipulados debido a l... • http://www.securityfocus.com/bid/98089 • CWE-20: Improper Input Validation CWE-416: Use After Free •
CVSS: 8.8EPSS: 15%CPEs: 62EXPL: 2CVE-2016-5766 – gd: Integer overflow in _gd2GetHeader() resulting in heap overflow
https://notcve.org/view.php?id=CVE-2016-5766
26 Jun 2016 — Integer overflow in the _gd2GetHeader function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via crafted chunk dimensions in an image. Desbordamiento de entero en la función _gd2GetHeader en gd_gd2.c en la GD Graphics Library (también conocido como libgd) en versiones anter... • http://github.com/php/php-src/commit/7722455726bec8c53458a32851d2a87982cf0eac?w=1 • CWE-122: Heap-based Buffer Overflow CWE-190: Integer Overflow or Wraparound •
CVSS: 5.3EPSS: 1%CPEs: 125EXPL: 0CVE-2016-2518 – ntp: out-of-bounds references on crafted packet
https://notcve.org/view.php?id=CVE-2016-2518
02 May 2016 — The MATCH_ASSOC function in NTP before version 4.2.8p9 and 4.3.x before 4.3.92 allows remote attackers to cause an out-of-bounds reference via an addpeer request with a large hmode value. La función MATCH_ASSOC en NTP en versiones anteriores 4.2.8p9 y 4.3.x en versiones anteriores a 4.3.92 permite a atacantes remotos provocar una referencia fuera de los límites a través de una solicitud addpeer con un valor hmode grande. An out-of-bounds access flaw was found in the way ntpd processed certain packets. An au... • http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183647.html • CWE-125: Out-of-bounds Read •