CVSS: 7.8EPSS: 1%CPEs: 1EXPL: 0CVE-2017-12448 – Ubuntu Security Notice USN-4336-2
https://notcve.org/view.php?id=CVE-2017-12448
04 Aug 2017 — The bfd_cache_close function in bfd/cache.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause a heap use after free and possibly achieve code execution via a crafted nested archive file. This issue occurs because incorrect functions are called during an attempt to release memory. The issue can be addressed by better input validation in the bfd_generic_archive_p function in bfd/archive.c. La función bfd_cache_close en b... • https://sourceware.org/bugzilla/show_bug.cgi?id=21787 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-12459 – Ubuntu Security Notice USN-4336-2
https://notcve.org/view.php?id=CVE-2017-12459
04 Aug 2017 — The bfd_mach_o_read_symtab_strtab function in bfd/mach-o.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap write and possibly achieve code execution via a crafted mach-o file. La función bfd_mach_o_read_symtab_strtab en bfd/mach-o.c en la librería Binary File Descriptor (BFD), también conocida como libbfd, tal y como se distribuye en GNU Binutils 2.29 y anteriores, permite que atacantes remotos ... • https://sourceware.org/bugzilla/show_bug.cgi?id=21840 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-12455 – Ubuntu Security Notice USN-4336-2
https://notcve.org/view.php?id=CVE-2017-12455
04 Aug 2017 — The evax_bfd_print_emh function in vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted vms alpha file. La función evax_bfd_print_emh en vms-alpha.c en la librería Binary File Descriptor (BFD), también conocida como libbfd, tal y como se distribuye en GNU Binutils 2.29 y anteriores, permite que atacantes remotos provoquen una lectura de memoria dinámica fuera de límites... • https://sourceware.org/bugzilla/show_bug.cgi?id=21840 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-12456 – Ubuntu Security Notice USN-4336-2
https://notcve.org/view.php?id=CVE-2017-12456
04 Aug 2017 — The read_symbol_stabs_debugging_info function in rddbg.c in GNU Binutils 2.29 and earlier allows remote attackers to cause an out of bounds heap read via a crafted binary file. La función read_symbol_stabs_debugging_info en rddbg.c en GNU Binutils 2.29 y anteriores permite que atacantes remotos provoquen una lectura de memoria dinámica fuera de límites mediante un archivo binario manipulado. USN-4336-1 fixed several vulnerabilities in GNU binutils. This update provides the corresponding update for Ubuntu 16... • https://security.gentoo.org/glsa/201801-01 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-12450 – Ubuntu Security Notice USN-4336-2
https://notcve.org/view.php?id=CVE-2017-12450
04 Aug 2017 — The alpha_vms_object_p function in bfd/vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap write and possibly achieve code execution via a crafted vms alpha file. La función alpha_vms_object_p en bfd/vms-alpha.c de la librería Binary File Descriptor (BFD), también llamada libbfd, tal y como se distribuye en GNU Binutils 2.29 y anteriores, permite que atacantes remotos provoquen una escri... • https://sourceware.org/bugzilla/show_bug.cgi?id=21813 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-12454 – Ubuntu Security Notice USN-4336-2
https://notcve.org/view.php?id=CVE-2017-12454
04 Aug 2017 — The _bfd_vms_slurp_egsd function in bfd/vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an arbitrary memory read via a crafted vms alpha file. La función _bfd_vms_slurp_egsd en bfd/vms-alpha.c en la librería Binary File Descriptor (BFD), también conocida como libbfd, tal y como se distribuye en GNU Binutils 2.29 y anteriores, permite que atacantes remotos provoquen una lectura de memoria arbitraria median... • https://sourceware.org/bugzilla/show_bug.cgi?id=21813 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-12452 – Ubuntu Security Notice USN-4336-2
https://notcve.org/view.php?id=CVE-2017-12452
04 Aug 2017 — The bfd_mach_o_i386_canonicalize_one_reloc function in bfd/mach-o-i386.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted mach-o file. La función bfd_mach_o_i386_canonicalize_one_reloc en bfd/mach-o-i386.c en la librería Binary File Descriptor (BFD), conocida como libbfd, tal y como se distribuye en GNU Binutils 2.29 y anteriores, permite que atacantes remotos provoquen una lec... • https://sourceware.org/bugzilla/show_bug.cgi?id=21813 • CWE-125: Out-of-bounds Read •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2017-12132 – glibc: Fragmentation attacks possible when EDNS0 is enabled
https://notcve.org/view.php?id=CVE-2017-12132
01 Aug 2017 — The DNS stub resolver in the GNU C Library (aka glibc or libc6) before version 2.26, when EDNS support is enabled, will solicit large UDP responses from name servers, potentially simplifying off-path DNS spoofing attacks due to IP fragmentation. La herramienta de resolución de zonas stub de DNS en la librería GNU C, también conocida como glibc o libc6, en sus versiones anteriores a la 2.26 cuando el soporte EDNS está activado, solicitará respuestas UDP de gran tamaño de servidores de nombres, pudiendo simpl... • http://www.securityfocus.com/bid/100598 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 5.6EPSS: 0%CPEs: 13EXPL: 0CVE-2017-11671 – gcc: GCC generates incorrect code for RDRAND/RDSEED intrinsics
https://notcve.org/view.php?id=CVE-2017-11671
26 Jul 2017 — Under certain circumstances, the ix86_expand_builtin function in i386.c in GNU Compiler Collection (GCC) version 4.6, 4.7, 4.8, 4.9, 5 before 5.5, and 6 before 6.4 will generate instruction sequences that clobber the status flag of the RDRAND and RDSEED intrinsics before it can be read, potentially causing failures of these instructions to go unreported. This could potentially lead to less randomness in random number generation. Bajo ciertas circunstancias, la función ix86_expand_builtin en el archivo i386.... • http://openwall.com/lists/oss-security/2017/07/27/2 • CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-11112 – Gentoo Linux Security Advisory 201804-13
https://notcve.org/view.php?id=CVE-2017-11112
08 Jul 2017 — In ncurses 6.0, there is an attempted 0xffffffffffffffff access in the append_acs function of tinfo/parse_entry.c. It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data. En ncurses versión 6.0, hay un intento de acceso 0xffffffffffffffffff en la función append_acs del archivo tinfo/parse_entry.c. Podría conllevar a un ataque remoto de denegación de servicio si el código de la biblioteca terminfo se utiliza para procesar datos terminfo no s... • https://bugzilla.redhat.com/show_bug.cgi?id=1464686 • CWE-20: Improper Input Validation •