CVE-2017-9462 – mercurial: Python debugger accessible to authorized users
https://notcve.org/view.php?id=CVE-2017-9462
In Mercurial before 4.1.3, "hg serve --stdio" allows remote authenticated users to launch the Python debugger, and consequently execute arbitrary code, by using --debugger as a repository name. En Mercurial, en versiones anteriores a la 4.1.3, \"hg serve --stdio\" permite que usuarios autenticados remotos inicien el depurador de Python y, como consecuencia, ejecuten código arbitrario utilizando --debugger como nombre del repositorio. A flaw was found in the way "hg serve --stdio" command in Mercurial handled command-line options. A remote, authenticated attacker could use this flaw to execute arbitrary code on the Mercurial server by using specially crafted command-line options. • http://www.debian.org/security/2017/dsa-3963 http://www.securityfocus.com/bid/99123 https://access.redhat.com/errata/RHSA-2017:1576 https://bugs.debian.org/861243 https://lists.debian.org/debian-lts-announce/2018/07/msg00005.html https://security.gentoo.org/glsa/201709-18 https://www.mercurial-scm.org/repo/hg/rev/77eaf9539499 https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.1.3_.282017-4-18.29 https://access.redhat.com/security/cve/CVE-2017-9462 https: • CWE-284: Improper Access Control CWE-732: Incorrect Permission Assignment for Critical Resource •
CVE-2017-9461 – samba: fd_open_atomic infinite loop due to wrong handling of dangling symlinks
https://notcve.org/view.php?id=CVE-2017-9461
smbd in Samba before 4.4.10 and 4.5.x before 4.5.6 has a denial of service vulnerability (fd_open_atomic infinite loop with high CPU usage and memory consumption) due to wrongly handling dangling symlinks. smbd en Samba versiones anteriores a 4.4.10 y 4.5.x versiones anteriores a 4.5.6, tienen una vulnerabilidad de denegación de servicio (fd_open_atomic infinite loop con un alto uso de CPU y consumo de memoria) debido a un manejo inadecuado de los enlaces simbólicos colgantes. A flaw was found in the way Samba handled dangling symlinks. An authenticated malicious Samba client could use this flaw to cause the smbd daemon to enter an infinite loop and use an excessive amount of CPU and memory. • http://www.securityfocus.com/bid/99455 https://access.redhat.com/errata/RHSA-2017:1950 https://access.redhat.com/errata/RHSA-2017:2338 https://access.redhat.com/errata/RHSA-2017:2778 https://bugs.debian.org/864291 https://bugzilla.samba.org/show_bug.cgi?id=12572 https://git.samba.org/?p=samba.git%3Ba=commit%3Bh=10c3e3923022485c720f322ca4f0aca5d7501310 https://lists.debian.org/debian-lts-announce/2019/04/msg00013.html https://access.redhat.com/security/cve/CVE-2017-9461 https: • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVE-2017-9287 – openldap: Double free vulnerability in servers/slapd/back-mdb/search.c
https://notcve.org/view.php?id=CVE-2017-9287
servers/slapd/back-mdb/search.c in OpenLDAP through 2.4.44 is prone to a double free vulnerability. A user with access to search the directory can crash slapd by issuing a search including the Paged Results control with a page size of 0. servers/slapd/back-mdb/search.c en OpenLDAP hasta la versión 2.4.44 es propenso a una doble vulnerabilidad de liberación de memoria. Un usuario con acceso para buscar en el directorio puede hacer que slapd deje de funcionar al emitir una búsqueda que incluya el control Paged Results con un tamaño de página de 0. A double-free flaw was found in the way OpenLDAP's slapd server using the MDB backend handled LDAP searches. A remote attacker with access to search the directory could potentially use this flaw to crash slapd by issuing a specially crafted LDAP search query. • http://www.debian.org/security/2017/dsa-3868 http://www.openldap.org/its/?findid=8655 http://www.securityfocus.com/bid/98736 http://www.securitytracker.com/id/1038591 https://access.redhat.com/errata/RHSA-2017:1852 https://bugs.debian.org/863563 https://kc.mcafee.com/corporate/index?page=content&id=SB10365 https://www.oracle.com/security-alerts/cpuapr2022.html https://access.redhat.com/security/cve/CVE-2017-9287 https://bugzilla.redhat.com/show_bug.cgi?id=1456712 • CWE-415: Double Free CWE-416: Use After Free •
CVE-2017-7980 – Qemu: display: cirrus: OOB r/w access issues in bitblt routines
https://notcve.org/view.php?id=CVE-2017-7980
Heap-based buffer overflow in Cirrus CLGD 54xx VGA Emulator in Quick Emulator (Qemu) 2.8 and earlier allows local guest OS users to execute arbitrary code or cause a denial of service (crash) via vectors related to a VNC client updating its display after a VGA operation. Desbordamiento de búfer basado en memoria dinámica (heap) en Cirrus CLGD 54xx VGA Emulator en Quick Emulator (Qemu) en versiones 2.8 y anteriores permite que los usuarios invitados del sistema operativo ejecuten código arbitrario o provoquen una denegación de servicio (DoS) mediante vectores relacionados con un cliente VNC que actualiza su display después de una operación VGA. An out-of-bounds r/w access issue was found in QEMU's Cirrus CLGD 54xx VGA Emulator support. The vulnerability could occur while copying VGA data via various bitblt functions. A privileged user inside a guest could use this flaw to crash the QEMU process or, potentially, execute arbitrary code on the host with privileges of the QEMU process. • http://ubuntu.com/usn/usn-3289-1 http://www.openwall.com/lists/oss-security/2017/04/21/1 http://www.securityfocus.com/bid/102129 http://www.securityfocus.com/bid/97955 https://access.redhat.com/errata/RHSA-2017:0980 https://access.redhat.com/errata/RHSA-2017:0981 https://access.redhat.com/errata/RHSA-2017:0982 https://access.redhat.com/errata/RHSA-2017:0983 https://access.redhat.com/errata/RHSA-2017:0984 https://access.redhat.com/errata/RHSA-2017:0988 https • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVE-2016-9583 – jasper: integer overflows leading to out of bounds read in packet iterators in JPC decoder
https://notcve.org/view.php?id=CVE-2016-9583
An out-of-bounds heap read vulnerability was found in the jpc_pi_nextpcrl() function of jasper before 2.0.6 when processing crafted input. Se ha detectado una vulnerabilidad de lectura de memoria dinámica (heap) fuera de límites en la función jpc_pi_nextpcrl() de jasper en versiones anteriores a la 2.0.6 al procesar entradas manipuladas. • http://www.securityfocus.com/bid/94925 https://access.redhat.com/errata/RHSA-2017:1208 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9583 https://github.com/mdadams/jasper/commit/aa0b0f79ade5eef8b0e7a214c03f5af54b36ba7d https://github.com/mdadams/jasper/commit/f25486c3d4aa472fec79150f2c41ed4333395d3d https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html https://access.redhat.com/security/cve/CVE-2016-9583 https://bugzilla.redhat.com/show_bug.cgi?id=1405148 • CWE-125: Out-of-bounds Read CWE-190: Integer Overflow or Wraparound •