CVSS: 7.5EPSS: 22%CPEs: 39EXPL: 0CVE-2017-3137 – A response packet can cause a resolver to terminate when processing an answer containing a CNAME or DNAME
https://notcve.org/view.php?id=CVE-2017-3137
Mistaken assumptions about the ordering of records in the answer section of a response containing CNAME or DNAME resource records could lead to a situation in which named would exit with an assertion failure when processing a response in which records occurred in an unusual order. Affects BIND 9.9.9-P6, 9.9.10b1->9.9.10rc1, 9.10.4-P6, 9.10.5b1->9.10.5rc1, 9.11.0-P3, 9.11.1b1->9.11.1rc1, and 9.9.9-S8. Las asunciones equivocadas sobre el orden de los registros en la sección de respuesta de una respuesta que contiene registros de recursos CNAME o DNAME podría conducir a una situación en la que named se cerraría con un fallo de aserción al procesar una respuesta en la que los registros ocurrieron en un orden inusual. Afecta a BIND en versiones 9.9.9-P6, desde la versión 9.9.10b1 hasta la 9.9.10rc1, la versión 9.10.4-P6, desde la versión 9.10.5b1 hasta la 9.10.5rc1, la versión 9.11.0-P3, desde la versión 9.11.1b1 hasta la 9.11.1rc1 y en la versión 9.9.9-S8. A denial of service flaw was found in the way BIND handled a query response containing CNAME or DNAME resource records in an unusual order. • http://www.securityfocus.com/bid/97651 http://www.securitytracker.com/id/1038258 http://www.securitytracker.com/id/1040195 https://access.redhat.com/errata/RHSA-2017:1095 https://access.redhat.com/errata/RHSA-2017:1105 https://access.redhat.com/errata/RHSA-2017:1582 https://access.redhat.com/errata/RHSA-2017:1583 https://kb.isc.org/docs/aa-01466 https://security.gentoo.org/glsa/201708-01 https://security.netapp.com/advisory/ntap-20180802-0002 https://www.debian.org& • CWE-617: Reachable Assertion •
CVSS: 7.8EPSS: 0%CPEs: 12EXPL: 4CVE-2018-1000001 – glibc - 'realpath()' Privilege Escalation
https://notcve.org/view.php?id=CVE-2018-1000001
In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code execution. En glibc 2.26 y anteriores existe una confusión en el uso de getcwd() por realpath(), que puede emplearse para escribir antes del búfer de destino. Esto conduce a un subdesbordamiento de búfer y a una potencial ejecución de código. glibc suffers from a getcwd() local privilege escalation vulnerability. • https://www.exploit-db.com/exploits/44889 https://www.exploit-db.com/exploits/43775 https://github.com/0x00-0x00/CVE-2018-1000001 https://github.com/usernameid0/tools-for-CVE-2018-1000001 http://seclists.org/oss-sec/2018/q1/38 http://www.securityfocus.com/bid/102525 http://www.securitytracker.com/id/1040162 https://access.redhat.com/errata/RHSA-2018:0805 https://security.netapp.com/advisory/ntap-20190404-0003 https://usn.ubuntu.com/3534-1 https://usn.ubuntu.com • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 6.1EPSS: 0%CPEs: 30EXPL: 0CVE-2017-15129 – kernel: net: double-free and memory corruption in get_net_ns_by_id()
https://notcve.org/view.php?id=CVE-2017-15129
A use-after-free vulnerability was found in network namespaces code affecting the Linux kernel before 4.14.11. The function get_net_ns_by_id() in net/core/net_namespace.c does not check for the net::count value after it has found a peer network in netns_ids idr, which could lead to double free and memory corruption. This vulnerability could allow an unprivileged local user to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although it is thought to be unlikely. Se ha descubierto una vulnerabilidad en los nombres de espacio de red que afecta al kernel de Linux en versiones anteriores a la 4.14.11. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=21b5944350052d2583e82dd59b19a9ba94a007f0 http://seclists.org/oss-sec/2018/q1/7 http://www.securityfocus.com/bid/102485 https://access.redhat.com/errata/RHSA-2018:0654 https://access.redhat.com/errata/RHSA-2018:0676 https://access.redhat.com/errata/RHSA-2018:1062 https://access.redhat.com/errata/RHSA-2019:1946 https://access.redhat.com/security/cve/CVE-2017-15129 https://bugzilla.redhat.com/show_bug.cgi& • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.4EPSS: 0%CPEs: 17EXPL: 0CVE-2017-1000407 – Kernel: KVM: DoS via write flood to I/O port 0x80
https://notcve.org/view.php?id=CVE-2017-1000407
The Linux Kernel 2.6.32 and later are affected by a denial of service, by flooding the diagnostic port 0x80 an exception can be triggered leading to a kernel panic. El kernel de Linux en versiones 2.6.32 y posteriores se ha visto afectado por una denegación de servicio (DoS): al inundar el puerto de diagnóstico 0x80 puede ocurrir una excepción que conduce a una situación de pánico del kernel. Linux kernel Virtualization Module (CONFIG_KVM) for the Intel processor family (CONFIG_KVM_INTEL) is vulnerable to a DoS issue. It could occur if a guest was to flood the I/O port 0x80 with write requests. A guest user could use this flaw to crash the host kernel resulting in DoS. • http://www.openwall.com/lists/oss-security/2017/12/04/2 http://www.securityfocus.com/bid/102038 https://access.redhat.com/errata/RHSA-2018:0676 https://access.redhat.com/errata/RHSA-2018:1062 https://access.redhat.com/errata/RHSA-2019:1170 https://access.redhat.com/security/cve/cve-2017-1000407 https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html https://usn.ubuntu.com/3583-1 https://usn.ubuntu.com/3583-2 https://usn.ubuntu.com/3617-1 https&# • CWE-248: Uncaught Exception CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 5.5EPSS: 0%CPEs: 18EXPL: 0CVE-2017-3157 – libreoffice: Arbitrary file disclosure in Calc and Writer
https://notcve.org/view.php?id=CVE-2017-3157
By exploiting the way Apache OpenOffice before 4.1.4 renders embedded objects, an attacker could craft a document that allows reading in a file from the user's filesystem. Information could be retrieved by the attacker by, e.g., using hidden sections to store the information, tricking the user into saving the document and convincing the user to send the document back to the attacker. The vulnerability is mitigated by the need for the attacker to know the precise file path in the target system, and the need to trick the user into saving the document and sending it back. Mediante la explotación de la forma en la que las versiones anteriores a la 4.1.4 de Apache OpenOffice renderizan objetos embebidos, un atacante podría manipular un documento que permite leer en un archivo del sistema de archivos del usuario. El atacante podría recuperar información mediante el uso de, por ejemplo, secciones ocultas para almacenar la información, engañando al usuario para que guarde el documento y convenciéndolo para que envíe de nuevo el documento al atacante. • http://www.securityfocus.com/bid/96402 http://www.securitytracker.com/id/1037893 https://access.redhat.com/errata/RHSA-2017:0914 https://access.redhat.com/errata/RHSA-2017:0979 https://www.debian.org/security/2017/dsa-3792 https://www.openoffice.org/security/cves/CVE-2017-3157.html https://access.redhat.com/security/cve/CVE-2017-3157 https://bugzilla.redhat.com/show_bug.cgi?id=1425844 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •