Log

CVE-2017-5205 created at 25 Sep 2019 19:31:40
Severity
+ Critical
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ The ISAKMP parser in tcpdump before 4.9.0 has a buffer overflow in print-isakmp.c:ikev2_e_print().
References
+ https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1494526.html
Notes
CVE-2017-5206 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Local
Type
+ Privilege escalation
Description
+ A vulnerability has been discovered when using ptrace with --allow-debuggers, which allows a sandboxed program to escape the seccomp profile by rewriting permitted system calls into unpermitted ones on Linux kernels before 4.8.
References
+ https://github.com/netblue30/firejail/commit/6b8dba29d73257311564ee7f27b9b14758cc693e
Notes
CVE-2017-5207 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Local
Type
+ Privilege escalation
Description
+ A vulnerability has been discovered when providing a custom shell as a parameter to the firejail bandwidth command. By making this custom shell ignore the -c (for command) option, an attacker can execute an arbitrary command to, for example, obtain a root shell.
References
+ https://github.com/netblue30/firejail/issues/1023
+ https://github.com/netblue30/firejail/commit/5d43fdcd215203868d440ffc42036f5f5ffc89fc
Notes
CVE-2017-5208 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Local
Type
+ Arbitrary code execution
Description
+ An integer overflow vulnerability was found in icoutils in the wrestool program. A maliciously crafted file could make the application crash or possibly lead to arbitrary code execution. This issue only affects 64-bit systems, as the result of subtracting two pointers exceeds the size of int.
References
+ http://www.nongnu.org/icoutils/NEWS
+ http://seclists.org/oss-sec/2017/q1/38
+ https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=850017
+ https://anonscm.debian.org/git/users/cjwatson/icoutils.git/plain/debian/patches/check-offset-overflow.patch
Notes
CVE-2017-5209 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Local
Type
+ Information disclosure
Description
+ The base64decode function in base64.c in libimobiledevice libplist through 1.12 allows attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read) via split encoded Apple Property List data.
References
+ https://bugzilla.redhat.com/show_bug.cgi?id=1412613
Notes
CVE-2017-5330 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Local
Type
+ Arbitrary command execution
Description
+ Opening a URL with ark will call KRUN::runURL(), which detects the MIME type of the URL and runs the appropriate service for that MIME type when found. This leads to unintended execution of scripts and executable files.
References
+ https://www.kde.org/info/security/advisory-20170112-1.txt
+ http://seclists.org/oss-sec/2017/q1/45
+ https://cgit.kde.org/ark.git/commit/?id=82fdfd24d46966a117fa625b68784735a40f9065
+ https://bugs.kde.org/show_bug.cgi?id=374572
Notes
CVE-2017-5340 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ It was found that PHP uses uninitialized memory during calls to `unserialize()`. The payload supplied to `unserialize()` may control this uninitialized memory region and thus may be used to trick PHP into operating on faked objects and calling attacker controlled destructor function pointers, effectively allowing arbitrary code execution via specially crafted serialized data.
References
+ https://bugs.php.net/bug.php?id=73832
Notes
CVE-2017-5341 created at 25 Sep 2019 19:31:40
Severity
+ Critical
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ The OTV parser in tcpdump before 4.9.0 has a buffer overflow in print-otv.c:otv_print().
References
+ https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1494526.html
Notes
CVE-2017-5342 created at 25 Sep 2019 19:31:40
Severity
+ Critical
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ In tcpdump before 4.9.0, a bug in multiple protocol parsers (Geneve, GRE, NSH, OTV, VXLAN and VXLAN GPE) could cause a buffer overflow in print-ether.c:ether_print().
References
+ https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1494526.html
Notes
CVE-2017-5357 created at 25 Sep 2019 19:31:40
Severity
+ Low
Remote
+ Local
Type
+ Denial of service
Description
+ A vulnerability was found in GNU ed. An invalid free might occur while parsing specially crafted commands which will make the application crash.
References
+ http://www.openwall.com/lists/oss-security/2017/01/12/5
+ https://lists.gnu.org/archive/html/bug-ed/2017-01/msg00000.html
Notes