CVSS: 7.5EPSS: 34%CPEs: 39EXPL: 0CVE-2017-3137 – A response packet can cause a resolver to terminate when processing an answer containing a CNAME or DNAME
https://notcve.org/view.php?id=CVE-2017-3137
14 Apr 2017 — Mistaken assumptions about the ordering of records in the answer section of a response containing CNAME or DNAME resource records could lead to a situation in which named would exit with an assertion failure when processing a response in which records occurred in an unusual order. Affects BIND 9.9.9-P6, 9.9.10b1->9.9.10rc1, 9.10.4-P6, 9.10.5b1->9.10.5rc1, 9.11.0-P3, 9.11.1b1->9.11.1rc1, and 9.9.9-S8. Las asunciones equivocadas sobre el orden de los registros en la sección de respuesta de una respuesta que c... • http://www.securityfocus.com/bid/97651 • CWE-617: Reachable Assertion •
CVSS: 7.0EPSS: 0%CPEs: 10EXPL: 1CVE-2016-9591 – jasper: use-after-free / double-free in JPC encoder
https://notcve.org/view.php?id=CVE-2016-9591
07 Apr 2017 — JasPer before version 2.0.12 is vulnerable to a use-after-free in the way it decodes certain JPEG 2000 image files resulting in a crash on the application using JasPer. JasPer, en versiones anteriores a la 2.0.12, es vulnerable a un uso de memoria previamente liberada en la forma en la que descifra ciertos archivos de imagen JPEG 2000. Esto resulta en un cierre inesperado de la aplicación que esté usando JasPer. A use-after-free flaw was found in the way JasPer, before version 2.0.12, decode certain JPEG 20... • http://www.securityfocus.com/bid/94952 • CWE-416: Use After Free •
CVSS: 7.4EPSS: 0%CPEs: 17EXPL: 0CVE-2017-1000407 – Kernel: KVM: DoS via write flood to I/O port 0x80
https://notcve.org/view.php?id=CVE-2017-1000407
03 Apr 2017 — The Linux Kernel 2.6.32 and later are affected by a denial of service, by flooding the diagnostic port 0x80 an exception can be triggered leading to a kernel panic. El kernel de Linux en versiones 2.6.32 y posteriores se ha visto afectado por una denegación de servicio (DoS): al inundar el puerto de diagnóstico 0x80 puede ocurrir una excepción que conduce a una situación de pánico del kernel. Linux kernel Virtualization Module (CONFIG_KVM) for the Intel processor family (CONFIG_KVM_INTEL) is vulnerable to a... • http://www.openwall.com/lists/oss-security/2017/12/04/2 • CWE-248: Uncaught Exception CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 7.7EPSS: 0%CPEs: 13EXPL: 0CVE-2018-1000026 – kernel: Improper validation in bnx2x network card driver can allow for denial of service attacks via crafted packet
https://notcve.org/view.php?id=CVE-2018-1000026
03 Apr 2017 — Linux Linux kernel version at least v4.8 onwards, probably well before contains a Insufficient input validation vulnerability in bnx2x network card driver that can result in DoS: Network card firmware assertion takes card off-line. This attack appear to be exploitable via An attacker on a must pass a very large, specially crafted packet to the bnx2x card. This can be done from an untrusted guest VM.. El kernel de Linux, al menos desde la versión v4.8, contiene una vulnerabilidad de validación de entradas in... • http://lists.openwall.net/netdev/2018/01/16/40 • CWE-20: Improper Input Validation •
CVSS: 8.1EPSS: 1%CPEs: 10EXPL: 2CVE-2016-9573 – openjpeg: heap out-of-bounds read due to insufficient check in imagetopnm()
https://notcve.org/view.php?id=CVE-2016-9573
23 Mar 2017 — An out-of-bounds read vulnerability was found in OpenJPEG 2.1.2, in the j2k_to_image tool. Converting a specially crafted JPEG2000 file to another format could cause the application to crash or, potentially, disclose some data from the heap. Se ha detectado una vulnerabilidad de lectura fuera de límites en OpenJPEG 2.1.2, en la herramienta j2k_to_image. La conversión de un archivo JPEG2000 especialmente manipulado a otro formato podría provocar que la aplicación se cierre inesperadamente o, potencialmente, ... • http://rhn.redhat.com/errata/RHSA-2017-0838.html • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 13EXPL: 0CVE-2017-2616 – util-linux: Sending SIGKILL to other processes with root privileges via su
https://notcve.org/view.php?id=CVE-2017-2616
21 Mar 2017 — A race condition was found in util-linux before 2.32.1 in the way su handled the management of child processes. A local authenticated attacker could use this flaw to kill other processes with root privileges under specific conditions. Se ha encontrado una condición de carrera en util-linux en versiones anteriores a la 2.32.1 en la forma en la que "su" manejaba los procesos hijo. Un atacante local autenticado podría usar este defecto para matar otros procesos con privilegios de root bajo condiciones específi... • http://rhn.redhat.com/errata/RHSA-2017-0654.html • CWE-267: Privilege Defined With Unsafe Actions CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 8.8EPSS: 65%CPEs: 11EXPL: 1CVE-2017-5030 – Google Chromium V8 Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2017-5030
14 Mar 2017 — Incorrect handling of complex species in V8 in Google Chrome prior to 57.0.2987.98 for Linux, Windows, and Mac and 57.0.2987.108 for Android allowed a remote attacker to execute arbitrary code via a crafted HTML page. El manejo incorrecto de especies complejas en V8 de Google Chrome anteriores a 57.0.2987.98 para Linux, Windows y Mac y 57.0.2987.108 para Android permitió a un atacante remoto ejecutar código arbitrario a través de una página HTML especialmente diseñada. This vulnerability allows remote attac... • http://rhn.redhat.com/errata/RHSA-2017-0499.html • CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 1%CPEs: 8EXPL: 0CVE-2017-2640 – pidgin: Out-of-bounds write in purple_markup_unescape_entity triggered by invalid XML
https://notcve.org/view.php?id=CVE-2017-2640
14 Mar 2017 — An out-of-bounds write flaw was found in the way Pidgin before 2.12.0 processed XML content. A malicious remote server could potentially use this flaw to crash Pidgin or execute arbitrary code in the context of the pidgin process. Se ha encontrado una vulnerabilidad de escritura fuera de límites en el modo en que Pidgin en versiones anteriores a la 2.12.0 procesaba el contenido XML. Un servidor remoto malicioso podría usar esta vulnerabilidad para provocar el cierre inesperado de Pidgin o ejecutar código ar... • http://www.securityfocus.com/bid/96775 • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 1%CPEs: 12EXPL: 0CVE-2017-5029 – chromium-browser: integer overflow in libxslt
https://notcve.org/view.php?id=CVE-2017-5029
14 Mar 2017 — The xsltAddTextString function in transform.c in libxslt 1.1.29, as used in Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android, lacked a check for integer overflow during a size calculation, which allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. La función xsltAddTextString en transform.c en libxslt 1.1.29, tal como se utiliza en Blink en Google Chrome anteriores a 57.0.2987.98 para Mac, Windows y Linux y 57.0.298... • http://rhn.redhat.com/errata/RHSA-2017-0499.html • CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 11EXPL: 0CVE-2017-5033 – chromium-browser: bypass of content security policy in blink
https://notcve.org/view.php?id=CVE-2017-5033
14 Mar 2017 — Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android failed to correctly propagate CSP restrictions to local scheme pages, which allowed a remote attacker to bypass content security policy via a crafted HTML page, related to the unsafe-inline keyword. Blink en Google Chrome, en versiones anteriores a la 57.0.2987.98 para Mac, Windows y Linux y 57.0.2987.108 para Android, no propagaba correctamente las restricciones CSP a las páginas de temas locales, lo que ... • http://rhn.redhat.com/errata/RHSA-2017-0499.html • CWE-281: Improper Preservation of Permissions •