Log

CVE-2017-5180 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Local
Type
+ Privilege escalation
Description
+ A race condition vulnerability has been discovered in firejail. An attacker that is able to symlink to arbitrary binaries or libraries can trick firejail into running them with EUID 0, resulting in escalation of privilege.
References
+ http://www.openwall.com/lists/oss-security/2017/01/04/1
+ https://github.com/netblue30/firejail/issues/1020
Notes
+ http://seclists.org/oss-sec/2017/q1/21
CVE-2017-5192 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Local
Type
+ Arbitrary code execution
Description
+ The `LocalClient.cmd_batch()` method client does not accept `external_auth` credentials and so access to it from salt-api has been removed for now. This vulnerability allows code execution for already-authenticated users and is only in effect when running salt-api as the `root` user.
References
+ https://groups.google.com/forum/#!msg/salt-announce/eP_kQiQdnvo/6cvBrwsqCAAJ
Notes
CVE-2017-5193 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Denial of service
Description
+ A NULL pointer dereference has been discovered in the nickcmp function leading to application crash.
References
+ https://irssi.org/security/irssi_sa_2017_01.txt
+ http://www.openwall.com/lists/oss-security/2017/01/05/2
+ https://github.com/irssi/irssi/commit/6c6c42e3d1b49d90aacc0b67f8540471cae02a1d
Notes
CVE-2017-5194 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ A use after free vulnerability has been discovered when receiving an invalid nick message potentially leading to arbitrary code execution.
References
+ https://irssi.org/security/irssi_sa_2017_01.txt
+ http://www.openwall.com/lists/oss-security/2017/01/05/2
+ https://github.com/irssi/irssi/commit/6c6c42e3d1b49d90aacc0b67f8540471cae02a1d
Notes
CVE-2017-5195 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Denial of service
Description
+ An out of bounds read has been discovered in certain incomplete control codes leading to application crash.
References
+ https://irssi.org/security/irssi_sa_2017_01.txt
+ http://www.openwall.com/lists/oss-security/2017/01/05/2
+ https://github.com/irssi/irssi/commit/6c6c42e3d1b49d90aacc0b67f8540471cae02a1d
Notes
CVE-2017-5196 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Denial of service
Description
+ An out of bounds read has been discovered in certain incomplete character sequences leading to application crash.
References
+ https://irssi.org/security/irssi_sa_2017_01.txt
+ http://www.openwall.com/lists/oss-security/2017/01/05/2
+ https://github.com/irssi/irssi/commit/6c6c42e3d1b49d90aacc0b67f8540471cae02a1d
Notes
CVE-2017-5200 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Remote
Type
+ Arbitrary command execution
Description
+ Salt-api allows arbitrary command execution on a salt-master via Salt's ssh_client. Users of Salt-API and salt-ssh could execute a command on the salt master via a hole when both systems were enabled.
References
+ https://groups.google.com/forum/#!msg/salt-announce/eP_kQiQdnvo/6cvBrwsqCAAJ
Notes
CVE-2017-5202 created at 25 Sep 2019 19:31:40
Severity
+ Critical
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ The ISO CLNS parser in tcpdump before 4.9.0 has a buffer overflow in print-isoclns.c:clnp_print().
References
+ https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1494526.html
Notes
CVE-2017-5203 created at 25 Sep 2019 19:31:40
Severity
+ Critical
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ The BOOTP parser in tcpdump before 4.9.0 has a buffer overflow in print-bootp.c:bootp_print().
References
+ https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1494526.html
Notes
CVE-2017-5204 created at 25 Sep 2019 19:31:40
Severity
+ Critical
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ The IPv6 parser in tcpdump before 4.9.0 has a buffer overflow in print-ip6.c:ip6_print().
References
+ https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1494526.html
Notes