Log

CVE-2017-9148 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Remote
Type
+ Authentication bypass
Description
+ A security issue has been found in FreeRADIUS < 3.0.14. The implementation of TTLS and PEAP in FreeRADIUS skips inner authentication when it handles a resumed TLS connection. This is a feature, but there is a critical catch: the server must never allow resumption of a TLS session until its initial connection gets to the point where inner authentication has been finished successfully. Unfortunately, affected versions of FreeRADIUS fail to reliably prevent resumption of unauthenticated sessions unless the TLS session cache is disabled completely, and so allow an attacker (e.g. a malicious supplicant) to elicit EAP Success without sending any valid credentials.
References
+ http://seclists.org/oss-sec/2017/q2/342
Notes
CVE-2017-9216 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Denial of service
Description
+ libjbig2dec.a in Artifex jbig2dec 0.13, as used in MuPDF and Ghostscript, has a NULL pointer dereference in the jbig2_huffman_get function in jbig2_huffman.c. For example, the jbig2dec utility will crash (segmentation fault) when parsing an invalid file.
References
+ https://bugs.ghostscript.com/show_bug.cgi?id=697934
+ https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=3ebffb1d96ba0cacec23016eccb4047dab365853
Notes
CVE-2017-9217 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Denial of service
Description
+ A security issue has been found in systemd-resolved, allowing a remote attacker to cause a denial of service (daemon crash via NULL-pointer dereference) via a crafted DNS response with an empty question section.
References
+ https://github.com/systemd/systemd/commit/262d95fecd357343887709006188f690cfe040a9
+ https://github.com/systemd/systemd/pull/6020
Notes
CVE-2017-9218 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Remote
Type
+ Denial of service
Description
+ The mp4ff_read_stsd function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 can cause a
+ denial of service (invalid memory read and application crash) via a crafted mp4 file.
References
+ http://seclists.org/fulldisclosure/2017/Jun/32
Notes
CVE-2017-9219 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Remote
Type
+ Denial of service
Description
+ The mp4ff_read_stsc function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 can cause a
+ denial of service (memory allocation error and application crash) via a crafted mp4 file.
References
+ http://seclists.org/fulldisclosure/2017/Jun/32
Notes
CVE-2017-9220 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Remote
Type
+ Denial of service
Description
+ The mp4ff_read_stco function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 can cause a
+ denial of service (memory allocation error) via a crafted mp4 file.
References
+ http://seclists.org/fulldisclosure/2017/Jun/32
Notes
CVE-2017-9221 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Remote
Type
+ Denial of service
Description
+ The mp4ff_read_mdhd function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 can cause a
+ denial of service (invalid memory read and application crash) via a crafted mp4 file.
References
+ http://seclists.org/fulldisclosure/2017/Jun/32
Notes
CVE-2017-9222 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Remote
Type
+ Denial of service
Description
+ The mp4ff_parse_tag function in common/mp4ff/mp4meta.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 can cause a
+ denial of service (infinite loop and CPU consumption) via a crafted mp4 file.
References
+ http://seclists.org/fulldisclosure/2017/Jun/32
Notes
CVE-2017-9223 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Remote
Type
+ Denial of service
Description
+ The mp4ff_read_stts function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 can cause a
+ denial of service (invalid memory read and application crash) via a crafted mp4 file.
References
+ http://seclists.org/fulldisclosure/2017/Jun/32
Notes
CVE-2017-9233 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Denial of service
Description
+ An external entity infinite loop issue has been found in Expat < 2.2.1, leading to a denial of service.
References
+ https://libexpat.github.io/doc/cve-2017-9233/
Notes