CVSS: 9.8EPSS: 8%CPEs: 8EXPL: 0CVE-2017-16548
https://notcve.org/view.php?id=CVE-2017-16548
The receive_xattr function in xattrs.c in rsync 3.1.2 and 3.1.3-development does not check for a trailing '\0' character in an xattr name, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact by sending crafted data to the daemon. La función receive_xattr en xattrs.c en rsync 3.1.2 y 3.1.3-development no comprueba un carácter final '\0' en un nombre xattr, lo que permite que atacantes remotos provoquen una denegación de servicio (desbordamiento de búfer basado en memoria dinámica o heap y cierre inesperado de la aplicación) o, posiblemente, causen otros impactos no especificados enviando datos manipulados al demonio. • https://bugzilla.samba.org/show_bug.cgi?id=13112 https://git.samba.org/rsync.git/?p=rsync.git%3Ba=commit%3Bh=47a63d90e71d3e19e0e96052bb8c6b9cb140ecc1 https://lists.debian.org/debian-lts-announce/2017/12/msg00020.html https://usn.ubuntu.com/3543-1 https://usn.ubuntu.com/3543-2 https://www.debian.org/security/2017/dsa-4068 • CWE-125: Out-of-bounds Read •
CVSS: 7.2EPSS: 0%CPEs: 11EXPL: 0CVE-2017-16525
https://notcve.org/view.php?id=CVE-2017-16525
The usb_serial_console_disconnect function in drivers/usb/serial/console.c in the Linux kernel before 4.13.8 allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device, related to disconnection and failed setup. La función usb_serial_console_disconnect en drivers/usb/serial/console.c en el kernel de Linux, en versiones anteriores a la 4.13.8, permite que los usuarios locales provoquen una denegación de servicio (uso de memoria previamente liberada y cierre inesperado del sistema) o, posiblemente, causen otros impactos no especificados mediante llamadas del sistema manipuladas. Esto está relacionado con desconexión y fallo de instalación. • http://www.securityfocus.com/bid/102028 https://github.com/torvalds/linux/commit/299d7572e46f98534033a9e65973f13ad1ce9047 https://github.com/torvalds/linux/commit/bd998c2e0df0469707503023d50d46cf0b10c787 https://groups.google.com/d/msg/syzkaller/cMACrmo1x0k/4KhRoUgABAAJ https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html https://usn.ubuntu.com/3583-1 https://usn.ubuntu.com/3583-2 • CWE-416: Use After Free •
CVSS: 10.0EPSS: 30%CPEs: 54EXPL: 3CVE-2017-14491 – Dnsmasq < 2.78 - 2-byte Heap Overflow
https://notcve.org/view.php?id=CVE-2017-14491
Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response. Un desbordamiento de búfer basado en memoria dinámica (heap) en dnsmasq en versiones anteriores a la 2.78 permite a los atacantes provocar una denegación de servicio (cierre inesperado) o ejecutar código arbitrario utilizando una respuesta DNS manipulada. A heap buffer overflow was found in dnsmasq in the code responsible for building DNS replies. An attacker could send crafted DNS packets to dnsmasq which would cause it to crash or, potentially, execute arbitrary code. Dnsmasq versions prior to 2.78 suffer from a 2-byte heap-based overflow vulnerability. • https://www.exploit-db.com/exploits/42941 https://github.com/skyformat99/dnsmasq-2.4.1-fix-CVE-2017-14491 http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00006.html http://nvidia.custhelp.com/app/answers/detail/a_id/4560 http://nvidia.custhelp.com/a • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 1CVE-2015-3643 – usb-creator 0.2.x (Ubuntu 12.04/14.04/14.10) - Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2015-3643
usb-creator before 0.2.38.3ubuntu0.1 on Ubuntu 12.04 LTS, before 0.2.56.3ubuntu0.1 on Ubuntu 14.04 LTS, before 0.2.62ubuntu0.3 on Ubuntu 14.10, and before 0.2.67ubuntu0.1 on Ubuntu 15.04 allows local users to gain privileges by leveraging a missing call check_polkit for the KVMTest method. usb-creator en versiones anteriores a 0.2.38.3ubuntu0.1 en Ubuntu 12.04 LTS, en versiones anteriores a 0.2.56.3ubuntu0.1 en Ubuntu 14.04 LTS, en versiones anteriores a 0.2.62ubuntu0.3 en Ubuntu 14.10 y en versiones anteriores a 0.2.67ubuntu0.1 en Ubuntu 15.04 permite que los usuarios locales obtengan privilegios aprovechando que el método KVMTest se olvida de llamar a la función check_polkit. • https://www.exploit-db.com/exploits/36820 http://www.openwall.com/lists/oss-security/2015/04/22/12 http://www.openwall.com/lists/oss-security/2015/05/04/3 http://www.securityfocus.com/bid/74304 https://bazaar.launchpad.net/~usb-creator-hackers/usb-creator/trunk/revision/470 https://usn.ubuntu.com/usn/usn-2576-1 https://usn.ubuntu.com/usn/usn-2576-2 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.9EPSS: 0%CPEs: 5EXPL: 0CVE-2017-12153
https://notcve.org/view.php?id=CVE-2017-12153
A security flaw was discovered in the nl80211_set_rekey_data() function in net/wireless/nl80211.c in the Linux kernel through 4.13.3. This function does not check whether the required attributes are present in a Netlink request. This request can be issued by a user with the CAP_NET_ADMIN capability and may result in a NULL pointer dereference and system crash. Se descubrió un fallo de seguridad en la función nl80211_set_rekey_data() en net/wireless/nl80211.c en el kernel de Linux hasta la versión 4.13.3. La función no comprueba si los atributos requeridos están presentes en una petición Netlink. • http://seclists.org/oss-sec/2017/q3/437 http://www.debian.org/security/2017/dsa-3981 http://www.securityfocus.com/bid/100855 https://bugzilla.novell.com/show_bug.cgi?id=1058410 https://bugzilla.redhat.com/show_bug.cgi?id=1491046 https://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211.git/commit/?id=e785fa0a164aa11001cba931367c7f94ffaff888 https://marc.info/?t=150525503100001&r=1&w=2 https://usn.ubuntu.com/3583-1 https://usn.ubuntu.com/3583-2 • CWE-476: NULL Pointer Dereference •