
CVSS: 9.8 | EPSS: 0% | CPEs: 11 | EXPL: 0

13 Jan 2017 — Stack-based buffer overflow in the cdk_pk_get_keyid function in lib/opencdk/pubkey.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via a crafted OpenPGP certificate. Ste... • http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00005.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer; CWE-121: Stack-based Buffer Overflow

CVSS: 9.8 | EPSS: 1% | CPEs: 11 | EXPL: 0

13 Jan 2017 — Double free vulnerability in the gnutls_x509_ext_import_proxy function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via crafted policy language information in an X.509 certificate with a Proxy Certificate Information extension. • http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00005.html • CWE-415: Double Free; CWE-416: Use After Free

CVSS: 9.8 | EPSS: 0% | CPEs: 11 | EXPL: 0

13 Jan 2017 — Multiple heap-based buffer overflows in the read_attribute function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to have unspecified impact via a crafted OpenPGP certificate. Stefan Buehler discovere... • http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00005.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer; CWE-122: Heap-based Buffer Overflow

CVSS: 7.5 | EPSS: 3% | CPEs: 11 | EXPL: 0

13 Jan 2017 — The stream reading functions in lib/opencdk/read-packet.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to cause a denial of service (out-of-memory error and crash) via a crafted OpenPGP certificate. Stefan Buehler discovered tha... • http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00005.html • CWE-125: Out-of-bounds Read; CWE-400: Uncontrolled Resource Consumption

CVSS: 5.3 | EPSS: 0% | CPEs: 4 | EXPL: 0

12 Jan 2017 — The mkdir procedure of GNU Guile temporarily changed the process' umask to zero. During that time window, in a multithreaded application, other threads could end up creating files with insecure permissions. For example, mkdir without the optional mode argument would create directories as 0777. This is fixed in Guile 2.0.13. Prior versions are affected. • http://www.openwall.com/lists/oss-security/2016/10/12/1 • CWE-275: Permission Issues

CVSS: 9.8 | EPSS: 1% | CPEs: 4 | EXPL: 0

12 Jan 2017 — The REPL server (--listen) in GNU Guile 2.0.12 allows an attacker to execute arbitrary code via an HTTP inter-protocol attack. • http://www.openwall.com/lists/oss-security/2016/10/12/2 • CWE-284: Improper Access Control

CVSS: 5.5 | EPSS: 0% | CPEs: 22 | EXPL: 0

02 Jan 2017 — popd in bash might allow local users to bypass the restricted shell and cause a use-after-free via a crafted address. A denial of service flaw was found in the way bash handled popd commands. A poorly written shell script could cause bash to crash resulting in a local denial of service limited to a specific bash session. The bash packages provi... • http://rhn.redhat.com/errata/RHSA-2017-0725.html • CWE-416: Use After Free

CVSS: 8.4 | EPSS: 0% | CPEs: 4 | EXPL: 0

02 Jan 2017 — Bash before 4.4 allows local users to execute arbitrary commands with root privileges via crafted SHELLOPTS and PS4 environment variables. An arbitrary command injection flaw was found in the way bash processed the SHELLOPTS and PS4 environment variables. A local, authenticated attacker could use this flaw to exploit poorly written set... • http://rhn.redhat.com/errata/RHSA-2017-0725.html • CWE-20: Improper Input Validation; CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

CVSS: 7.5 | EPSS: 1% | CPEs: 1 | EXPL: 0

13 Dec 2016 — The expansion of '\h' in the prompt string in bash 4.3 allows remote authenticated users to execute arbitrary code via shell metacharacters placed in 'hostname' of a machine. An arbitrary command injection flaw was found in the way bash processed the hostname value. A malicious DHCP server could use this flaw to exec... • http://rhn.redhat.com/errata/RHSA-2017-0725.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSS: 7.5 | EPSS: 0% | CPEs: 21 | EXPL: 2

27 Oct 2016 — Directory traversal vulnerability in the safer_name_suffix function in GNU tar 1.14 through 1.29 might allow remote attackers to bypass an intended protection mechanism and write to arbitrary files via vectors related to improper sanitization of the file_name parameter, aka POINTYFEATHER. • https://packetstorm.news/files/id/139370 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')