CVE-2017-3167 – httpd: ap_get_basic_auth_pw() authentication bypass
https://notcve.org/view.php?id=CVE-2017-3167
In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed. It was discovered that the use of httpd's ap_get_basic_auth_pw() API function outside of the authentication phase could lead to authentication bypass. A remote attacker could possibly use this flaw to bypass required authentication if the API was used incorrectly by one of the modules used by httpd.
• http://www.debian.org/security/2017/dsa-3896 http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html http://www.securityfocus.com/bid/99135 http://www.securitytracker.com/id/1038711 https://access.redhat.com/errata/RHSA-2017:2478 https://access.redhat.com/errata/RHSA-2017:2479 https://access.redhat.com/errata/RHSA-2017:2483 https://access.redhat.com/errata/RHSA-2017:3193 https://access.redhat.com/errata/RHSA-2017:3194 https://access.redhat.com/errata/RHS
• CWE-287: Improper Authentication
CVE-2017-7004 – Apple macOS 10.12.3 / iOS < 10.3.2 - Userspace Entitlement Checking Race Condition
https://notcve.org/view.php?id=CVE-2017-7004
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. The issue involves the "Security" component. A race condition allows attackers to bypass intended entitlement restrictions for sending XPC messages via a crafted app.
• https://www.exploit-db.com/exploits/42145 https://support.apple.com/HT207797 https://support.apple.com/HT207798
• CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2017-7001 – Apple Safari WebSQL offsets Type Confusion Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-7001
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. The issue involves the "SQLite" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
• http://www.securityfocus.com/bid/98768 https://support.apple.com/HT207797 https://support.apple.com/HT207798
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-7000 – Apple Safari WebSQL snippet Type Confusion Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-7000
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. The issue involves the "SQLite" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
• http://www.securityfocus.com/bid/98767 http://www.securityfocus.com/bid/99950 https://access.redhat.com/errata/RHSA-2017:1833 https://security.gentoo.org/glsa/201709-15 https://support.apple.com/HT207797 https://support.apple.com/HT207798 https://www.debian.org/security/2017/dsa-3926 https://access.redhat.com/security/cve/CVE-2017-7000 https://bugzilla.redhat.com/show_bug.cgi?id=1475207
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-7002 – Apple Safari WebSQL matchinfo Type Confusion Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-7002
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. The issue involves the "SQLite" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
• http://www.securityfocus.com/bid/98773 https://support.apple.com/HT207797 https://support.apple.com/HT207798
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer