CVSS: 7.8EPSS: 52%CPEs: 20EXPL: 2CVE-2017-8291 – Artifex Ghostscript Type Confusion Vulnerability
https://notcve.org/view.php?id=CVE-2017-8291
Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass and remote command execution via .rsdparams type confusion with a "/OutputFile (%pipe%" substring in a crafted .eps document that is an input to the gs program, as exploited in the wild in April 2017. Artifex Ghostscript permite sobrepasar -dSAFER y la ejecución de comandos remotos a través de una vulnerabilidad de type confusion en .rsdparams con una subcadena "/ OutputFile (% pipe%" en un documento .eps que se utilice como entrada al gs. It was found that ghostscript did not properly validate the parameters passed to the .rsdparams and .eqproc functions. During its execution, a specially crafted PostScript document could execute code in the context of the ghostscript process, bypassing the -dSAFER protection. Artifex Ghostscript allows -dSAFER bypass and remote command execution via .rsdparams type confusion with a "/OutputFile. • https://www.exploit-db.com/exploits/41955 http://openwall.com/lists/oss-security/2017/04/28/2 http://www.debian.org/security/2017/dsa-3838 http://www.securityfocus.com/bid/98476 https://access.redhat.com/errata/RHSA-2017:1230 https://bugs.ghostscript.com/show_bug.cgi?id=697808 https://bugzilla.redhat.com/show_bug.cgi?id=1446063 https://bugzilla.suse.com/show_bug.cgi?id=1036453 https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=04b37bbce174eed24edec7ad5b920eb93db4d47d • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 6.5EPSS: 0%CPEs: 7EXPL: 0CVE-2017-5061 – chromium-browser: url spoofing in omnibox
https://notcve.org/view.php?id=CVE-2017-5061
A race condition in navigation in Google Chrome prior to 58.0.3029.81 for Linux, Windows, and Mac allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. Una condición de carrera en navigation en Google Chrome, en versiones anteriores a la 58.0.3029.81 para Linux, Windows y Mac, permitía que un atacante remoto suplantase el contenido de la Omnibox (barra de direcciones) mediante una página HTML manipulada. • http://www.securityfocus.com/bid/97939 http://www.securitytracker.com/id/1038317 https://access.redhat.com/errata/RHSA-2017:1124 https://chromereleases.googleblog.com/2017/04/stable-channel-update-for-desktop.html https://crbug.com/672847 https://security.gentoo.org/glsa/201705-02 https://access.redhat.com/security/cve/CVE-2017-5061 https://bugzilla.redhat.com/show_bug.cgi?id=1443839 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 8.8EPSS: 1%CPEs: 9EXPL: 0CVE-2017-5057 – chromium-browser: type confusion in pdfium
https://notcve.org/view.php?id=CVE-2017-5057
Type confusion in PDFium in Google Chrome prior to 58.0.3029.81 for Mac, Windows, and Linux, and 58.0.3029.83 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file. Verificaciones insuficientes de consistencia en la manipulación de firmas en la pila de red en Google Chrome, en versiones anteriores a la 58.0.3029.81 para Mac, Windows y Linux y a la 58.0.3029.83 para Android, permitían que un atacante remoto aceptase un certificado X.509 mal formado mediante una página HTML manipulada. • http://www.securityfocus.com/bid/97939 http://www.securitytracker.com/id/1038317 https://access.redhat.com/errata/RHSA-2017:1124 https://chromereleases.googleblog.com/2017/04/stable-channel-update-for-desktop.html https://crbug.com/695826 https://security.gentoo.org/glsa/201705-02 https://access.redhat.com/security/cve/CVE-2017-5057 https://bugzilla.redhat.com/show_bug.cgi?id=1443835 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2017-5065 – chromium-browser: incorrect ui in blink
https://notcve.org/view.php?id=CVE-2017-5065
Lack of an appropriate action on page navigation in Blink in Google Chrome prior to 58.0.3029.81 for Windows and Mac allowed a remote attacker to potentially confuse a user into making an incorrect security decision via a crafted HTML page. La falta de una acción adecuada en la navegación de páginas en Blink en Google Chrome, en versiones anteriores a la 58.0.3029.81 para Windows y Mac, permitía que un atacante remoto pudiese confundir a un usuario para que realizase una decisión en materia de seguridad incorrecta mediante una página HTML manipulada. • http://www.securityfocus.com/bid/97939 http://www.securitytracker.com/id/1038317 https://access.redhat.com/errata/RHSA-2017:1124 https://chromereleases.googleblog.com/2017/04/stable-channel-update-for-desktop.html https://crbug.com/704560 https://security.gentoo.org/glsa/201705-02 https://access.redhat.com/security/cve/CVE-2017-5065 https://bugzilla.redhat.com/show_bug.cgi?id=1443847 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 16%CPEs: 9EXPL: 0CVE-2017-5059 – Google Chrome List Item Marker Type Confusion Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-5059
Type confusion in Blink in Google Chrome prior to 58.0.3029.81 for Linux, Windows, and Mac, and 58.0.3029.83 for Android, allowed a remote attacker to potentially obtain code execution via a crafted HTML page. Una confusión de tipos en Blink en Google Chrome, en versiones anteriores a la 58.0.3029.81 para Linux, Windows y Mac y a la 58.0.3029.83 para Android, permitía que un atacante remoto pudiese ejecutar código mediante una página HTML manipulada. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Google Chrome. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of list item markers. It's possible to trigger a type confusion condition by manipulating a document's elements. • http://www.securityfocus.com/bid/97939 http://www.securitytracker.com/id/1038317 https://access.redhat.com/errata/RHSA-2017:1124 https://chromereleases.googleblog.com/2017/04/stable-channel-update-for-desktop.html https://crbug.com/684684 https://security.gentoo.org/glsa/201705-02 https://access.redhat.com/security/cve/CVE-2017-5059 https://bugzilla.redhat.com/show_bug.cgi?id=1443837 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •