CVSS: 7.4EPSS: 0%CPEs: 17EXPL: 0CVE-2017-1000407 – Kernel: KVM: DoS via write flood to I/O port 0x80
https://notcve.org/view.php?id=CVE-2017-1000407
03 Apr 2017 — The Linux Kernel 2.6.32 and later are affected by a denial of service, by flooding the diagnostic port 0x80 an exception can be triggered leading to a kernel panic. El kernel de Linux en versiones 2.6.32 y posteriores se ha visto afectado por una denegación de servicio (DoS): al inundar el puerto de diagnóstico 0x80 puede ocurrir una excepción que conduce a una situación de pánico del kernel. Linux kernel Virtualization Module (CONFIG_KVM) for the Intel processor family (CONFIG_KVM_INTEL) is vulnerable to a... • http://www.openwall.com/lists/oss-security/2017/12/04/2 • CWE-248: Uncaught Exception CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 7.7EPSS: 0%CPEs: 13EXPL: 0CVE-2018-1000026 – kernel: Improper validation in bnx2x network card driver can allow for denial of service attacks via crafted packet
https://notcve.org/view.php?id=CVE-2018-1000026
03 Apr 2017 — Linux Linux kernel version at least v4.8 onwards, probably well before contains a Insufficient input validation vulnerability in bnx2x network card driver that can result in DoS: Network card firmware assertion takes card off-line. This attack appear to be exploitable via An attacker on a must pass a very large, specially crafted packet to the bnx2x card. This can be done from an untrusted guest VM.. El kernel de Linux, al menos desde la versión v4.8, contiene una vulnerabilidad de validación de entradas in... • http://lists.openwall.net/netdev/2018/01/16/40 • CWE-20: Improper Input Validation •
CVSS: 8.1EPSS: 1%CPEs: 10EXPL: 2CVE-2016-9573 – openjpeg: heap out-of-bounds read due to insufficient check in imagetopnm()
https://notcve.org/view.php?id=CVE-2016-9573
23 Mar 2017 — An out-of-bounds read vulnerability was found in OpenJPEG 2.1.2, in the j2k_to_image tool. Converting a specially crafted JPEG2000 file to another format could cause the application to crash or, potentially, disclose some data from the heap. Se ha detectado una vulnerabilidad de lectura fuera de límites en OpenJPEG 2.1.2, en la herramienta j2k_to_image. La conversión de un archivo JPEG2000 especialmente manipulado a otro formato podría provocar que la aplicación se cierre inesperadamente o, potencialmente, ... • http://rhn.redhat.com/errata/RHSA-2017-0838.html • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 13EXPL: 0CVE-2017-2616 – util-linux: Sending SIGKILL to other processes with root privileges via su
https://notcve.org/view.php?id=CVE-2017-2616
21 Mar 2017 — A race condition was found in util-linux before 2.32.1 in the way su handled the management of child processes. A local authenticated attacker could use this flaw to kill other processes with root privileges under specific conditions. Se ha encontrado una condición de carrera en util-linux en versiones anteriores a la 2.32.1 en la forma en la que "su" manejaba los procesos hijo. Un atacante local autenticado podría usar este defecto para matar otros procesos con privilegios de root bajo condiciones específi... • http://rhn.redhat.com/errata/RHSA-2017-0654.html • CWE-267: Privilege Defined With Unsafe Actions CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 8.8EPSS: 0%CPEs: 8EXPL: 0CVE-2017-5035 – chromium-browser: incorrect security ui in omnibox
https://notcve.org/view.php?id=CVE-2017-5035
14 Mar 2017 — Google Chrome prior to 57.0.2987.98 for Windows and Mac had a race condition, which could cause Chrome to display incorrect certificate information for a site. En Google Chrome versiones anteriores a 57.0.2987.98 para Windows y Mac, se ocasiona una condición de carrera que podría causar que Chrome muestre información de certificado incorrecta de un sitio. Multiple vulnerabilities were discovered in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially expl... • http://rhn.redhat.com/errata/RHSA-2017-0499.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 8.8EPSS: 1%CPEs: 9EXPL: 0CVE-2017-5043 – chromium-browser: use after free in guestview
https://notcve.org/view.php?id=CVE-2017-5043
14 Mar 2017 — Chrome Apps in Google Chrome prior to 57.0.2987.98 for Linux, Windows, and Mac had a use after free bug in GuestView, which allowed a remote attacker to perform an out of bounds memory read via a crafted Chrome extension. Chrome Apps de Google Chrome versiones anteriores a 57.0.2987.98 para Linux, Windows y Mac, debido a un fallo de uso después de liberación en GuestView, permitiría a un atacante remoto leer la memoria fuera de los límites a través de una extensión de Chrome especialmente diseñada. Chromium... • http://rhn.redhat.com/errata/RHSA-2017-0499.html • CWE-416: Use After Free •
CVSS: 6.5EPSS: 0%CPEs: 11EXPL: 0CVE-2017-5042 – chromium-browser: incorrect handling of cookies in cast
https://notcve.org/view.php?id=CVE-2017-5042
14 Mar 2017 — Cast in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android sent cookies to sites discovered via SSDP, which allowed an attacker on the local network segment to initiate connections to arbitrary URLs and observe any plaintext cookies sent. Cast en Google Chrome versiones anteriores a 57.0.2987.98 para Mac, Windows y Linux y versión 57.0.2987.108 para Android envía cookies a sitios descubiertos a través de SSDP, hecho que permitiría a un atacante en el segmento de re... • http://rhn.redhat.com/errata/RHSA-2017-0499.html • CWE-311: Missing Encryption of Sensitive Data •
CVSS: 6.5EPSS: 3%CPEs: 11EXPL: 0CVE-2017-5040 – chromium-browser: information disclosure in v8
https://notcve.org/view.php?id=CVE-2017-5040
14 Mar 2017 — V8 in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android was missing a neutering check, which allowed a remote attacker to read values in memory via a crafted HTML page. V8 de Google Chrome en versiones anteriores a 57.0.2987.98 para Mac, Windows y Linux y versión 57.0.2987.108 para Android no realiza un chequeo que podría permitir a un atacante remoto leer valores en memoria a través de una página HTML especialmente diseñada. Multiple vulnerabilities were discover... • http://rhn.redhat.com/errata/RHSA-2017-0499.html •
CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0CVE-2017-5038 – chromium-browser: use after free in guestview
https://notcve.org/view.php?id=CVE-2017-5038
14 Mar 2017 — Chrome Apps in Google Chrome prior to 57.0.2987.98 for Linux, Windows, and Mac had a use after free bug in GuestView, which allowed a remote attacker to perform an out of bounds memory read via a crafted Chrome extension. Chrome Apps de Google Chrome versiones anteriores a 57.0.2987.98 para Linux, Windows y Mac, debido a un fallo de uso después de liberación en GuestView, permitiría a un atacante remoto leer la memoria fuera de los límites a través de una extensión de Chrome especialmente diseñada. Chromium... • http://rhn.redhat.com/errata/RHSA-2017-0499.html • CWE-416: Use After Free •
CVSS: 6.5EPSS: 0%CPEs: 11EXPL: 0CVE-2017-5033 – chromium-browser: bypass of content security policy in blink
https://notcve.org/view.php?id=CVE-2017-5033
14 Mar 2017 — Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android failed to correctly propagate CSP restrictions to local scheme pages, which allowed a remote attacker to bypass content security policy via a crafted HTML page, related to the unsafe-inline keyword. Blink en Google Chrome, en versiones anteriores a la 57.0.2987.98 para Mac, Windows y Linux y 57.0.2987.108 para Android, no propagaba correctamente las restricciones CSP a las páginas de temas locales, lo que ... • http://rhn.redhat.com/errata/RHSA-2017-0499.html • CWE-281: Improper Preservation of Permissions •