CVE-2017-15101 – liblouis: incomplete fix for CVE-2014-8184
https://notcve.org/view.php?id=CVE-2017-15101
A missing patch for a stack-based buffer overflow in findTable() was found in Red Hat version of liblouis before 2.5.4. An attacker could cause a denial of service condition or potentially even arbitrary code execution. Se ha detectado que faltaba un parche para un desbordamiento de búfer basado en pila en findTable() en la versión Red Hat de liblouis en versiones anteriores a la la 2.5.4. Un atacante podría provocar una denegación de servicio (DoS) o incluso ejecutar código arbitrario. A missing fix for one stack-based buffer overflow in findTable() for CVE-2014-8184 was discovered. • https://access.redhat.com/errata/RHSA-2017:3384 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15101 https://access.redhat.com/security/cve/CVE-2017-15101 https://bugzilla.redhat.com/show_bug.cgi?id=1511023 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •
CVE-2017-7843 – Mozilla: Web worker in Private Browsing mode can write IndexedDB data
https://notcve.org/view.php?id=CVE-2017-7843
When Private Browsing mode is used, it is possible for a web worker to write persistent data to IndexedDB and fingerprint a user uniquely. IndexedDB should not be available in Private Browsing mode and this stored data will persist across multiple private browsing mode sessions because it is not cleared when exiting. This vulnerability affects Firefox ESR < 52.5.2 and Firefox < 57.0.1. Cuando se utiliza el modo Navegación Privada, es posible que un trabajador web escriba datos persistentes en IndexedDB y realice fingerprinting en un usuario de forma única. IndexedDB no debería estar disponible en modo Navegación Privada y estos datos almacenados persistirán en varias sesiones en modo Navegación Privada porque no se borran al cerrar. • http://www.securityfocus.com/bid/102039 http://www.securityfocus.com/bid/102112 http://www.securitytracker.com/id/1039954 https://access.redhat.com/errata/RHSA-2017:3382 https://bugzilla.mozilla.org/show_bug.cgi?id=1410106 https://lists.debian.org/debian-lts-announce/2017/12/msg00003.html https://www.debian.org/security/2017/dsa-4062 https://www.mozilla.org/security/advisories/mfsa2017-27 https://www.mozilla.org/security/advisories/mfsa2017-28 https://access.redhat.com/securit • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer •
CVE-2017-12173 – sssd: unsanitized input when searching in local cache database
https://notcve.org/view.php?id=CVE-2017-12173
It was found that sssd's sysdb_search_user_by_upn_res() function before 1.16.0 did not sanitize requests when querying its local cache and was vulnerable to injection. In a centralized login environment, if a password hash was locally cached for a given user, an authenticated attacker could use this flaw to retrieve it. Se ha encontrado que la función sysdb_search_user_by_upn_res() de sssd en versiones anteriores a la 1.16.0 no saneaba las peticiones al consultar su caché local y era vulnerable a inyecciones. En un entorno de inicio de sesión centralizado, si un hash de contraseña se almacenaba en la caché local de un usuario determinado, un atacante autenticado podía utilizar este error para recuperarlo. It was found that sssd's sysdb_search_user_by_upn_res() function did not sanitize requests when querying its local cache and was vulnerable to injection. • https://access.redhat.com/errata/RHSA-2017:3379 https://access.redhat.com/errata/RHSA-2018:1877 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12173 https://access.redhat.com/security/cve/CVE-2017-12173 https://bugzilla.redhat.com/show_bug.cgi?id=1498173 • CWE-20: Improper Input Validation CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2017-7828 – Mozilla: Use-after-free of PressShell while restyling layout (MFSA 2017-25)
https://notcve.org/view.php?id=CVE-2017-7828
A use-after-free vulnerability can occur when flushing and resizing layout because the "PressShell" object has been freed while still in use. This results in a potentially exploitable crash during these operations. This vulnerability affects Firefox < 57, Firefox ESR < 52.5, and Thunderbird < 52.5. Puede ocurrir una vulnerabilidad de uso de memoria previamente liberada cuando se alinea y redimensiona la disposición porque el objeto "PressShell'" se ha liberado cuando se estaba utilizando. Esto resulta en un cierre inesperado potencialmente explotable durante estas operaciones. • http://www.securityfocus.com/bid/101832 http://www.securitytracker.com/id/1039803 https://access.redhat.com/errata/RHSA-2017:3247 https://access.redhat.com/errata/RHSA-2017:3372 https://bugzilla.mozilla.org/show_bug.cgi?id=1406750 https://bugzilla.mozilla.org/show_bug.cgi?id=1412252 https://lists.debian.org/debian-lts-announce/2017/11/msg00018.html https://lists.debian.org/debian-lts-announce/2017/12/msg00001.html https://www.debian.org/security/2017/dsa-4035 https:// • CWE-416: Use After Free •
CVE-2017-7830 – Mozilla: Cross-origin URL information leak through Resource Timing API (MFSA 2017-25)
https://notcve.org/view.php?id=CVE-2017-7830
The Resource Timing API incorrectly revealed navigations in cross-origin iframes. This is a same-origin policy violation and could allow for data theft of URLs loaded by users. This vulnerability affects Firefox < 57, Firefox ESR < 52.5, and Thunderbird < 52.5. La API Resource Timing revelaba incorrectamente las navegaciones en iframes cross-origin. Esta es una violación de la política same-origin y podría permitir el robo de datos de URL cargadas por los usuarios. • http://www.securityfocus.com/bid/101832 http://www.securitytracker.com/id/1039803 https://access.redhat.com/errata/RHSA-2017:3247 https://access.redhat.com/errata/RHSA-2017:3372 https://bugzilla.mozilla.org/show_bug.cgi?id=1408990 https://lists.debian.org/debian-lts-announce/2017/11/msg00018.html https://lists.debian.org/debian-lts-announce/2017/12/msg00001.html https://www.debian.org/security/2017/dsa-4035 https://www.debian.org/security/2017/dsa-4061 https://www. • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •