Log

CVE-2017-7506 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ Two security issues have been found in spice <= 0.12.8, allowing a remote, authenticated user to read memory contents by sending a monitor count larger than the number of items present, and to trigger an integer overflow of the buffer_size variable, leading to a potentially exploitable buffer overflow.
References
+ https://bugzilla.redhat.com/show_bug.cgi?id=1452606
+ https://cgit.freedesktop.org/spice/spice/commit/?h=0.12&id=f1e7ec03e26ab6b8ca9b7ec060846a5b706a963d
+ https://cgit.freedesktop.org/spice/spice/commit/?h=0.12&id=ec6229c79abe05d731953df5f7e9a05ec9f6df79
+ https://cgit.freedesktop.org/spice/spice/commit/?h=0.12&id=a957a90baf2c62d31f3547e56bba7d0e812d2331
Notes
CVE-2017-7507 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Denial of service
Description
+ GnuTLS version 3.5.12 and earlier is vulnerable to a NULL pointer dereference while decoding a status response TLS extension with valid contents. This could lead to a crash of the GnuTLS server application.
References
+ https://www.gnutls.org/security.html#GNUTLS-SA-2017-4
+ https://bugzilla.redhat.com/show_bug.cgi?id=1454621
Notes
CVE-2017-7508 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Remote
Type
+ Denial of service
Description
+ A remote denial of service has been found in OpenVPN < 2.4.3, allowing a remote client to crash a server by sending a malformed IPv6 packet. The issue requires IPv6 and the --mssfix option to be enabled, and knowledge of the IPv6 networks used inside the VPN.
References
+ https://github.com/OpenVPN/openvpn/commit/c3f47077a7
Notes
CVE-2017-7512 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Remote
Type
+ Denial of service
Description
+ A remote denial of service has been found in OpenVPN < 2.4.3. A remote client can exploit a memory leak in the server's certificate parsing code, losing a few bytes of memory on each connection attempt, until the server eventually runs out of memory.
References
+ https://github.com/OpenVPN/openvpn/commit/2341f71619
+ https://community.openvpn.net/openvpn/wiki/VulnerabilitiesFixedInOpenVPN243
Notes
CVE-2017-7520 created at 25 Sep 2019 19:31:40
Severity
+ Critical
Remote
+ Remote
Type
+ Information disclosure
Description
+ A pre-authentication remote crash/information disclosure vulnerability has been discovered in OpenVPN < 2.4.3. If the client uses a HTTP proxy with NTLM authentication (i.e. "--http-proxy <server> <port> [<authfile>|'auto'|'auto-nct'] ntlm2") to connect to the OpenVPN server, an attacker in a man-in-the-middle position between the client and the proxy can cause the client to crash or to disclose at most 96 bytes of stack memory. The disclosed stack memory is likely to contain the proxy password.
References
+ https://github.com/OpenVPN/openvpn/commit/7718c8984f
Notes
+ This only affects clients who use OpenVPN to connect through an NTLM version 2 proxy.
CVE-2017-7521 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ A use-after-free has been found in OpenVPN < 2.4.3. The issue is caused by extract_x509_extension() not checking the return value of ASN1_STRING_to_UTF8(); when that call fails, the function goes on to use, and then free, a buffer that has already been freed. The issue requires the use of the --x509-alt-username option with an x509 extension, and is very unlikely to be triggered unless the remote peer can make the local process run out of memory.
References
+ https://github.com/OpenVPN/openvpn/commit/cb4e35ece4
+ https://github.com/OpenVPN/openvpn/commit/2d032c7fcd
Notes
CVE-2017-7522 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Denial of service
Description
+ A post-authentication remote DoS has been found in OpenVPN >= 2.4 and < 2.4.3, allowing a client to crash a server by sending a crafted certificate with an embedded NUL character. The issue requires the OpenVPN server to be built against mbedtls and to use the --x509-track option.
References
+ https://github.com/OpenVPN/openvpn/commit/426392940c
Notes
CVE-2017-7526 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Local
Type
+ Private key recovery
Description
+ The pattern of squarings and multiplications in left-to-right sliding windows in libgcrypt <= 1.7.7 leaks significant information about exponent bits, allowing for the very efficient recovery of a full 1024-bit RSA key.
References
+ https://eprint.iacr.org/2017/627
+ https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commitdiff;h=a9f612def801c8145d551d995475e5d51a4c988c;hp=0e6788517eac6f508fa32ec5d5c1cada7fb980bc
Notes
CVE-2017-7529 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Remote
Type
+ Information disclosure
Description
+ A security issue was identified in the range filter module of nginx < 1.13.3. A specially crafted request might result in an integer overflow and incorrect processing of ranges, potentially resulting in a sensitive information leak.
+ When using nginx with standard modules this allows an attacker to obtain a cache file header if a response was returned from cache. In some configurations a cache file header may contain the IP address of the backend server or other sensitive information. In addition, with third-party modules it is potentially possible that the issue may lead to a denial of service or a disclosure of worker process memory. No such modules are currently known.
References
+ http://mailman.nginx.org/pipermail/nginx-announce/2017/000200.html
+ https://nginx.org/download/patch.2017.ranges.txt
Notes
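+ Worked example, added to this entry and not nginx's code: a Python model of the byte-range parsing logic before and after the fix, emulating the signed 64-bit off_t arithmetic explicitly. The unhardened path shows the two ingredients of the leak, a digit run that wraps around and a suffix range "-N" with N larger than the body that produces a negative start offset (the cache file header sits in front of the body in the cache file, which is how a negative offset reaches it); the hardened path adds the overflow check on digit accumulation and the clamp of the suffix start at 0. Body and header sizes below are constructed, and the function names are this example's own.

```python
OFF_T_MAX = (1 << 63) - 1
NOT_SATISFIABLE = 416


def wrap_off_t(value):
    """Reduce a Python int to a signed 64-bit value, as C off_t wraparound would."""
    value &= (1 << 64) - 1
    return value - (1 << 64) if value >> 63 else value


def parse_ranges(spec, content_length, hardened):
    """Parse a 'bytes=' Range header into [(start, end)] with end exclusive.

    hardened=False models the vulnerable logic: digits accumulate with 64-bit
    wraparound and a suffix range '-N' becomes start = content_length - N even
    when N > content_length.  hardened=True adds the fix: a digit run that would
    exceed OFF_T_MAX is rejected, and the suffix start is clamped at 0.
    Returns (status, ranges) with status 206 or 416.
    """
    if not spec.startswith("bytes="):
        return NOT_SATISFIABLE, []
    cutoff, cutlim = divmod(OFF_T_MAX, 10)

    def digits(txt):
        value = 0
        for ch in txt:
            if not ch.isdigit():
                return None
            d = ord(ch) - ord("0")
            if hardened and value >= cutoff and (value > cutoff or d > cutlim):
                return None           # next digit would overflow off_t: reject
            value = wrap_off_t(value * 10 + d)
        return value

    ranges = []
    for part in spec[len("bytes="):].split(","):
        start_txt, sep, end_txt = part.strip().partition("-")
        if not sep:
            return NOT_SATISFIABLE, []
        start_txt, end_txt = start_txt.strip(), end_txt.strip()
        suffix = start_txt == ""
        if suffix and end_txt == "":
            return NOT_SATISFIABLE, []
        start = 0 if suffix else digits(start_txt)
        if start is None:
            return NOT_SATISFIABLE, []
        if not suffix and end_txt == "":
            end = content_length      # 'N-' means from N to the end
        else:
            end = digits(end_txt)
            if end is None:
                return NOT_SATISFIABLE, []
            if suffix:                # '-N' means the last N bytes
                if hardened:
                    start = content_length - end if end < content_length else 0
                else:
                    start = wrap_off_t(content_length - end)   # may go negative
                end = content_length - 1
            end = content_length if end >= content_length else end + 1
        if start < end:
            ranges.append((start, end))
    return (206, ranges) if ranges else (NOT_SATISFIABLE, [])


if __name__ == "__main__":
    body_len = 100                    # constructed cached body length
    header_len = 600                  # constructed size of the cache file header
    request = "bytes=-%d" % (body_len + header_len)
    print(parse_ranges(request, body_len, hardened=False))   # start is -600
    print(parse_ranges(request, body_len, hardened=True))    # start clamped to 0
    print(parse_ranges("bytes=-9223372036854775808", body_len, hardened=True))  # 416
```

A negative start in the unhardened output is the value that would later be applied as an offset relative to the cached body; anything before the body, such as the cache file header, then becomes readable. Note that the model uses explicit wrapping only to make the overflow observable in Python; in the C code the same accumulation is undefined behaviour, which is why the fix rejects the digit run rather than relying on any particular wraparound.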
CVE-2017-7546 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Authentication bypass
Description
+ It was found that authenticating to a PostgreSQL database account with an empty password was possible despite libpq's refusal to send an empty password. A remote attacker could potentially use this flaw to gain access to database accounts with empty passwords.
References
+ https://www.postgresql.org/about/news/1772/
+ https://github.com/postgres/postgres/commit/d5d46d99ba47f
Notes
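+ Worked example, added to this entry and not PostgreSQL's code: an offline audit of (rolname, rolpassword) rows, as read from pg_authid by a superuser, for roles whose stored credential is the empty password. It covers both forms an empty password could take in storage, the literal empty string and the md5 form, using PostgreSQL's documented convention of 'md5' followed by the hex MD5 of password concatenated with role name. The rows are constructed for the example and the function names are this example's own.

```python
import hashlib


def md5_password_hash(password, rolname):
    """PostgreSQL's stored md5 form: 'md5' + hex(md5(password || rolname))."""
    return "md5" + hashlib.md5((password + rolname).encode()).hexdigest()


def roles_with_empty_password(rows):
    """Return role names whose stored credential is the empty password.

    rows: iterable of (rolname, rolpassword) as selected from pg_authid.
    A NULL rolpassword means no password is set at all, which cannot pass
    password authentication, so those roles are not flagged.
    """
    flagged = []
    for rolname, rolpassword in rows:
        if rolpassword is None:
            continue
        if rolpassword == "" or rolpassword == md5_password_hash("", rolname):
            flagged.append(rolname)
    return flagged


# constructed sample rows in the shape of: SELECT rolname, rolpassword FROM pg_authid
SAMPLE_ROWS = [
    ("app", md5_password_hash("correct horse", "app")),   # normal password
    ("reporter", md5_password_hash("", "reporter")),      # PASSWORD '' stored as md5
    ("legacy", ""),                                        # PASSWORD '' stored as plaintext
    ("nopass", None),                                      # no password at all
]

if __name__ == "__main__":
    print(roles_with_empty_password(SAMPLE_ROWS))
```

Roles this flags should get a real password or have password authentication removed from pg_hba.conf for them; relying on libpq's refusal to send an empty password is not a control, since other client libraries need not refuse.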