Log

CVE-2017-0367 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Local
Type
+ Arbitrary code execution
Description
+ MediaWiki before 1.28.1 uses the default system temporary directory for the LocalisationCache directory, allowing a local attacker to execute arbitrary code as the web user by crafting a cache file whose content will be passed to unserialize().
References
+ https://phabricator.wikimedia.org/T161453
+ https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html
Notes
CVE-2017-0368 created at 25 Sep 2019 19:31:40
Severity
+ Low
Remote
+ Remote
Type
+ Cross-site scripting
Description
+ MediaWiki < 1.28.1 did not properly mark system messages as raw HTML, and hence did not properly escape them.
References
+ https://phabricator.wikimedia.org/T156184
+ https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html
Notes
CVE-2017-0369 created at 25 Sep 2019 19:31:40
Severity
+ Low
Remote
+ Remote
Type
+ Access restriction bypass
Description
+ In MediaWiki < 1.28.1, a normal sysop who doesn't have the necessary rights to override a page protection can still recreate it by restoring a former revision of that page.
References
+ https://phabricator.wikimedia.org/T108138
+ https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html
Notes
CVE-2017-0370 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Insufficient validation
Description
+ The spam blacklist in MediaWiki before 1.28.1 could be bypassed by encoding URLs inside a file inclusion syntax's link parameter.
References
+ https://phabricator.wikimedia.org/T48143
+ https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html
Notes
CVE-2017-0372 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Cross-site scripting
Description
+ The SyntaxHighlight extension in MediaWiki before 1.28.1 does not properly validate the 'start' parameter before passing it to Pygments.
References
+ https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html
+ https://phabricator.wikimedia.org/T158689
Notes
+ Apparently the fix is _not_, I repeat _not_, included in the 1.28.1 tarball: https://phabricator.wikimedia.org/T158689
CVE-2017-0375 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Denial of service
Description
+ The hidden-service feature in Tor before 0.3.0.8 allows a denial of service (assertion failure and daemon exit) in the relay_send_end_cell_from_edge_ function via a malformed BEGIN cell.
References
+ https://trac.torproject.org/projects/tor/ticket/22493
+ https://github.com/torproject/tor/commit/79b59a2dfcb68897ee89d98587d09e55f07e68d7
Notes
+ introduced in 0.3.0.1-alpha
CVE-2017-0376 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Denial of service
Description
+ The hidden-service feature in Tor before 0.3.0.8 allows a denial of service (assertion failure and daemon exit) in the connection_edge_process_relay_cell function via a BEGIN_DIR cell on a rendezvous circuit.
References
+ https://trac.torproject.org/projects/tor/ticket/22494
+ https://github.com/torproject/tor/commit/56a7c5bc15e0447203a491c1ee37de9939ad1dcd
Notes
+ introduced in 0.2.2.1-alpha
CVE-2017-0377 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Session hijacking
Description
+ A security issue has been found in Tor <= 0.3.0.8, which could make it easier to eavesdrop on Tor users' traffic. When choosing which guard to use for a circuit, Tor avoids using a node that is in the same family as the exit node it selected, but this check was accidentally removed in 0.3.0.
References
+ https://blog.torproject.org/blog/tor-0309-released-security-update-clients
+ https://trac.torproject.org/projects/tor/ticket/22753
+ https://github.com/torproject/tor/commit/665baf5ed5c6186d973c46cdea165c0548027350
Notes
CVE-2017-0379 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Local
Type
+ Private key recovery
Description
+ Libgcrypt before 1.8.1 does not properly consider Curve25519 side-channel attacks, which makes it easier for attackers to discover a secret key, related to cipher/ecc.c and mpi/ec.c. On multi user systems or on boxes with virtual machines this attack may be used to steal private keys.
References
+ https://lists.gnupg.org/pipermail/gnupg-announce/2017q3/000414.html
+ https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commitdiff;h=bf76acbf0da6b0f245e491bec12c0f0a1b5be7c9
+ https://eprint.iacr.org/2017/806
Notes
CVE-2017-0553 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Local
Type
+ Privilege escalation
Description
+ An integer overflow vulnerability has been found in the nlmsg_reserve() function of libnl < 3.3.0, allowing local privilege escalation.
References
+ http://git.infradead.org/users/tgr/libnl.git/commitdiff/3e18948f17148e6a3c4255bdeaaf01ef6081ceeb?hp=3dd2a0f26fa59896b4b4a262cf309a4be4aa70d3
Notes