CVSS: 9.6EPSS: 1%CPEs: 9EXPL: 0CVE-2017-5087 – chromium-browser: sandbox escape in indexeddb
https://notcve.org/view.php?id=CVE-2017-5087
A use after free in Blink in Google Chrome prior to 59.0.3071.104 for Mac, Windows, and Linux, and 59.0.3071.117 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page, aka an IndexedDB sandbox escape. Un uso de memoria previamente liberada en Blink en Google Chrome, en versiones anteriores a la 59.0.3071.104 para Mac, Windows y Linux y a la 59.0.3071.117 para Android, permitía que un atacante remoto realizase una lectura de memoria fuera de límites mediante una página HTML manipulada. Esto también se conoce como escape de espacio aislado o sandbox IndexedDB. • http://www.debian.org/security/2017/dsa-3926 http://www.securityfocus.com/bid/99096 http://www.securitytracker.com/id/1038765 https://access.redhat.com/errata/RHSA-2017:1495 https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop_15.html https://crbug.com/725032 https://security.gentoo.org/glsa/201706-20 https://access.redhat.com/security/cve/CVE-2017-5087 https://bugzilla.redhat.com/show_bug.cgi?id=1462148 • CWE-416: Use After Free •
CVSS: 8.8EPSS: 1%CPEs: 9EXPL: 0CVE-2017-5088 – chromium-browser: out of bounds read in v8
https://notcve.org/view.php?id=CVE-2017-5088
Insufficient validation of untrusted input in V8 in Google Chrome prior to 59.0.3071.104 for Mac, Windows, and Linux, and 59.0.3071.117 for Android, allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. Una validación insuficiente de entradas no fiables en V8 en Google Chrome, en versiones anteriores a la 59.0.3071.104 para Mac, Windows y Linux y a la 59.0.3071.117 para Android, permitía que un atacante remoto realizase un acceso a la memoria fuera de límites mediante una página HTML manipulada. • http://www.debian.org/security/2017/dsa-3926 http://www.securityfocus.com/bid/99096 http://www.securitytracker.com/id/1038765 https://access.redhat.com/errata/RHSA-2017:1495 https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop_15.html https://crbug.com/729991 https://security.gentoo.org/glsa/201706-20 https://access.redhat.com/security/cve/CVE-2017-5088 https://bugzilla.redhat.com/show_bug.cgi?id=1462149 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 1%CPEs: 8EXPL: 0CVE-2017-0663
https://notcve.org/view.php?id=CVE-2017-0663
A remote code execution vulnerability in libxml2 could enable an attacker using a specially crafted file to execute arbitrary code within the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses this library. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37104170. • http://www.debian.org/security/2017/dsa-3952 http://www.securityfocus.com/bid/98877 http://www.securitytracker.com/id/1038623 https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E https://security.gentoo.org/glsa/201711-01 https://source.android.com/security/bulletin/2017-06-01 • CWE-787: Out-of-bounds Write •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2017-0641
https://notcve.org/view.php?id=CVE-2017-0641
A remote denial of service vulnerability in libvpx in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34360591. • http://www.securityfocus.com/bid/98868 http://www.securitytracker.com/id/1038623 https://android.googlesource.com/platform/external/libvpx/+/698796fc930baecf5c3fdebef17e73d5d9a58bcb https://source.android.com/security/bulletin/2017-06-01 • CWE-665: Improper Initialization •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2017-0647
https://notcve.org/view.php?id=CVE-2017-0647
An information disclosure vulnerability in libziparchive could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36392138. • http://www.securityfocus.com/bid/98877 http://www.securitytracker.com/id/1038623 https://source.android.com/security/bulletin/2017-06-01 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •