Log

CVE-2017-1000407 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Denial of service
Description
+ Linux kernel Virtualization Module (CONFIG_KVM) for the Intel processor family (CONFIG_KVM_INTEL) before 4.14.6, 4.9.69, 4.4.106, 3.18.88, 3.16.52 and 3.2.97 is vulnerable to a denial of service issue. It could occur if a guest were to flood I/O port 0x80 with write requests. A guest user could use this flaw to crash the host kernel, resulting in denial of service.
References
+ http://www.openwall.com/lists/oss-security/2017/12/04/2
+ https://git.kernel.org/linus/d59d51f088014f25c2562de59b9abff4f42a7468
Notes
CVE-2017-1000410 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Remote
Type
+ Information disclosure
Description
+ The Linux kernel version 3.3-rc1 and later is affected by a vulnerability in the processing of incoming L2CAP Bluetooth commands via the ConfigRequest and ConfigResponse messages, resulting in leaking data in kernel address space. This information leak is a result of uninitialized stack variables that may be returned to an attacker in their uninitialized state. By manipulating the code flows that precede the handling of these configuration messages, an attacker can also gain some control over which data will be held in the uninitialized stack variables. This can allow the attacker to bypass KASLR and stack canary protection, as both pointers and stack canaries may be leaked in this manner.
References
+ http://seclists.org/oss-sec/2017/q4/357
Notes
CVE-2017-10053 created at 25 Sep 2019 19:31:40
Severity
+ Low
Remote
+ Local
Type
+ Denial of service
Description
+ It was discovered that the JPEGImageReader implementation in the 2D component of OpenJDK would, in certain cases, read all image data even if that was not used later. A specially crafted image could cause a Java application to temporarily use an excessive amount of CPU and memory.
References
+ http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/686e47e14565
Notes
CVE-2017-10067 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Remote
Type
+ Authentication bypass
Description
+ It was discovered that the JAR (Java ARchive) verifier in the Security component of OpenJDK did not correctly handle files inside archives with missing digest. An attacker could possibly use this flaw to manipulate content of a signed JAR, bypassing intended verification.
References
+ http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/c729ab3b13ae
Notes
CVE-2017-10074 created at 25 Sep 2019 19:31:40
Severity
+ Critical
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ It was discovered that the Hotspot component of OpenJDK did not properly check for integer overflows when generating range check loop predicates. An untrusted Java application or applet could use this flaw to corrupt JVM memory and cause it to crash or, possibly, execute arbitrary code, bypassing Java sandbox restrictions.
References
+ http://hg.openjdk.java.net/jdk8u/jdk8u/hotspot/rev/37ba410ffd43
Notes
CVE-2017-10081 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Access restriction bypass
Description
+ A flaw was found in the way the Hotspot component of OpenJDK processed extraneous brackets in function signatures. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions.
References
+ http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/09eae0bade20
Notes
CVE-2017-10087 created at 25 Sep 2019 19:31:40
Severity
+ Critical
Remote
+ Remote
Type
+ Access restriction bypass
Description
+ It was discovered that the implementation of the ThreadPoolExecutor class in the java.util.concurrent package of the Libraries component of OpenJDK failed to properly perform access control checks. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions.
References
+ http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/e95a13de2d36
Notes
CVE-2017-10089 created at 25 Sep 2019 19:31:40
Severity
+ Critical
Remote
+ Remote
Type
+ Access restriction bypass
Description
+ It was discovered that the implementation of the ServiceRegistry class in the ImageIO component of OpenJDK failed to properly perform access control checks. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions.
References
+ http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/d7bd49ad8f0a
Notes
CVE-2017-10090 created at 25 Sep 2019 19:31:40
Severity
+ Critical
Remote
+ Remote
Type
+ Access restriction bypass
Description
+ It was discovered that the implementation of the AsynchronousChannelGroupImpl class in the java.nio.channels package of the Libraries component of OpenJDK failed to properly perform access control checks. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions.
References
+ http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/51631f9fa8d8
Notes
CVE-2017-10096 created at 25 Sep 2019 19:31:40
Severity
+ Critical
Remote
+ Remote
Type
+ Access restriction bypass
Description
+ It was discovered that the implementation of the TransformerException class in the JAXP component of OpenJDK failed to properly perform access control checks, related to handling of the DTM exceptions. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions.
References
+ http://hg.openjdk.java.net/jdk8u/jdk8u/jaxp/rev/510b8c8dfdd6
Notes