CVSS: 9.8EPSS: 1%CPEs: 7EXPL: 0CVE-2017-12896
https://notcve.org/view.php?id=CVE-2017-12896
The ISAKMP parser in tcpdump before 4.9.2 has a buffer over-read in print-isakmp.c:isakmp_rfc3948_print(). El analizador sintáctico ISAKMP en tcpdump en versiones anteriores a la 4.9.2 tiene una vulnerabilidad de sobrelectura de búfer en print-isakmp.c:isakmp_rfc3948_print(). • http://www.debian.org/security/2017/dsa-3971 http://www.securitytracker.com/id/1039307 http://www.tcpdump.org/tcpdump-changes.txt https://access.redhat.com/errata/RHEA-2018:0705 https://github.com/the-tcpdump-group/tcpdump/commit/4e430c6b0d8b7e77c7abca7e7afb0c3e727502f2 https://github.com/the-tcpdump-group/tcpdump/commit/f76e7feb41a4327d2b0978449bbdafe98d4a3771 https://security.gentoo.org/glsa/201709-23 https://support.apple.com/HT208221 • CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 1%CPEs: 7EXPL: 0CVE-2017-12902
https://notcve.org/view.php?id=CVE-2017-12902
The Zephyr parser in tcpdump before 4.9.2 has a buffer over-read in print-zephyr.c, several functions. El analizador sintáctico Zephyr en tcpdump en versiones anteriores a la 4.9.2 tiene una vulnerabilidad de sobrelectura de búfer en print-zephyr.c en varias funciones. • http://www.debian.org/security/2017/dsa-3971 http://www.securitytracker.com/id/1039307 http://www.tcpdump.org/tcpdump-changes.txt https://access.redhat.com/errata/RHEA-2018:0705 https://github.com/the-tcpdump-group/tcpdump/commit/6ec0c6fa63412c7a07a5bcb790a529c3563b4173 https://github.com/the-tcpdump-group/tcpdump/commit/d17507ffa3e9742199b02a66aa940e79ababfa30 https://security.gentoo.org/glsa/201709-23 https://support.apple.com/HT208221 • CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 1%CPEs: 7EXPL: 0CVE-2017-12987
https://notcve.org/view.php?id=CVE-2017-12987
The IEEE 802.11 parser in tcpdump before 4.9.2 has a buffer over-read in print-802_11.c:parse_elements(). El analizador sintáctico IEEE 802.11 en tcpdump en versiones anteriores a la 4.9.2 tiene una vulnerabilidad de sobrelectura de búfer en print-802_11.c:parse_elements(). • http://www.debian.org/security/2017/dsa-3971 http://www.securitytracker.com/id/1039307 http://www.tcpdump.org/tcpdump-changes.txt https://access.redhat.com/errata/RHEA-2018:0705 https://github.com/the-tcpdump-group/tcpdump/commit/2ecb9d2c67d9119250c54811a6ce4d0f2ddf44f1 https://github.com/the-tcpdump-group/tcpdump/commit/99798bd9a41bd3d03fdc1e949810a38967f20ed3 https://security.gentoo.org/glsa/201709-23 https://support.apple.com/HT208221 • CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 1%CPEs: 7EXPL: 0CVE-2017-12899
https://notcve.org/view.php?id=CVE-2017-12899
The DECnet parser in tcpdump before 4.9.2 has a buffer over-read in print-decnet.c:decnet_print(). El analizador sintáctico DECnet en tcpdump en versiones anteriores a la 4.9.2 tiene una vulnerabilidad de sobrelectura de búfer en print-decnet.c:decnet_print(). • http://www.debian.org/security/2017/dsa-3971 http://www.securitytracker.com/id/1039307 http://www.tcpdump.org/tcpdump-changes.txt https://access.redhat.com/errata/RHEA-2018:0705 https://github.com/the-tcpdump-group/tcpdump/commit/c6e0531b5def26ecf912e8de6ade86cbdaed3751 https://github.com/the-tcpdump-group/tcpdump/commit/f96003b21e2abfbba59b926b10a7f9bc7d11e36c https://security.gentoo.org/glsa/201709-23 https://support.apple.com/HT208221 • CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 2%CPEs: 13EXPL: 1CVE-2017-0899 – rubygems: Escape sequence in the "summary" field of gemspec
https://notcve.org/view.php?id=CVE-2017-0899
RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications that include terminal escape characters. Printing the gem specification would execute terminal escape sequences. RubyGems 2.6.12 y anteriores es vulnerable a especificaciones de gemas manipuladas maliciosamente que incluyen caracteres de escapada de terminal. Imprimir la especificación de las gemas ejecutaría secuencias de escapada de terminal. A vulnerability was found where rubygems did not properly sanitize gems' specification text. • http://blog.rubygems.org/2017/08/27/2.6.13-released.html http://www.securityfocus.com/bid/100576 http://www.securitytracker.com/id/1039249 https://access.redhat.com/errata/RHSA-2017:3485 https://access.redhat.com/errata/RHSA-2018:0378 https://access.redhat.com/errata/RHSA-2018:0583 https://access.redhat.com/errata/RHSA-2018:0585 https://github.com/rubygems/rubygems/commit/1bcbc7fe637b03145401ec9c094066285934a7f1 https://github.com/rubygems/rubygems/commit/ef0aa611effb5f54d40c7fba6e8235eb43c5a491 https • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-138: Improper Neutralization of Special Elements CWE-150: Improper Neutralization of Escape, Meta, or Control Sequences •