CVE-2017-5116 – chromium-browser: type confusion in v8
https://notcve.org/view.php?id=CVE-2017-5116
Type confusion in V8 in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Una confusión de tipos en V8 en Google Chrome, en versiones anteriores a la 61.0.3163.79 para Mac, Windows y Linux y a la 61.0.3163.81 para Android, permitía que un atacante remoto ejecutase código arbitrario dentro de un espacio aislado o sandbox mediante una página HTML manipulada. • http://www.debian.org/security/2017/dsa-3985 http://www.securityfocus.com/bid/100610 http://www.securitytracker.com/id/1039291 https://access.redhat.com/errata/RHSA-2017:2676 https://chromereleases.googleblog.com/2017/09/stable-channel-update-for-desktop.html https://crbug.com/759624 https://security.gentoo.org/glsa/201709-15 https://security.googleblog.com/2018/01/android-security-ecosystem-investments.html https://access.redhat.com/security/cve/CVE-2017-5116 https://bugzilla.redha • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVE-2017-5113 – chromium-browser: heap buffer overflow in skia
https://notcve.org/view.php?id=CVE-2017-5113
Math overflow in Skia in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Un desbordamiento aritmético en Skia en Google Chrome, en versiones anteriores a la 61.0.3163.79 para Mac, windows y Linux y a la 61.0.3163.81 para Android, permitía que un atacante remoto pudiese explotar una corrupción de la memoria dinámica (heap) mediante una página HTML manipulada. • http://www.debian.org/security/2017/dsa-3985 http://www.securityfocus.com/bid/100610 http://www.securitytracker.com/id/1039291 https://access.redhat.com/errata/RHSA-2017:2676 https://chromereleases.googleblog.com/2017/09/stable-channel-update-for-desktop.html https://crbug.com/747043 https://security.gentoo.org/glsa/201709-15 https://access.redhat.com/security/cve/CVE-2017-5113 https://bugzilla.redhat.com/show_bug.cgi?id=1488774 • CWE-787: Out-of-bounds Write •
CVE-2017-5111 – chromium-browser: use after free in pdfium
https://notcve.org/view.php?id=CVE-2017-5111
A use after free in PDFium in Google Chrome prior to 61.0.3163.79 for Linux, Windows, and Mac allowed a remote attacker to potentially exploit memory corruption via a crafted PDF file. Un uso de memoria previamente liberada en PDFium en Google Chrome, en versiones anteriores a la 61.0.3163.79 para Linux, Windows y Mac, permitía que un atacante remoto pudiese explotar una corrupción de memoria mediante un archivo PDF manipulado. • http://www.debian.org/security/2017/dsa-3985 http://www.securityfocus.com/bid/100610 http://www.securitytracker.com/id/1039291 https://access.redhat.com/errata/RHSA-2017:2676 https://chromereleases.googleblog.com/2017/09/stable-channel-update-for-desktop.html https://crbug.com/737023 https://security.gentoo.org/glsa/201709-15 https://access.redhat.com/security/cve/CVE-2017-5111 https://bugzilla.redhat.com/show_bug.cgi?id=1488772 • CWE-416: Use After Free •
CVE-2017-0899 – rubygems: Escape sequence in the "summary" field of gemspec
https://notcve.org/view.php?id=CVE-2017-0899
RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications that include terminal escape characters. Printing the gem specification would execute terminal escape sequences. RubyGems 2.6.12 y anteriores es vulnerable a especificaciones de gemas manipuladas maliciosamente que incluyen caracteres de escapada de terminal. Imprimir la especificación de las gemas ejecutaría secuencias de escapada de terminal. A vulnerability was found where rubygems did not properly sanitize gems' specification text. • http://blog.rubygems.org/2017/08/27/2.6.13-released.html http://www.securityfocus.com/bid/100576 http://www.securitytracker.com/id/1039249 https://access.redhat.com/errata/RHSA-2017:3485 https://access.redhat.com/errata/RHSA-2018:0378 https://access.redhat.com/errata/RHSA-2018:0583 https://access.redhat.com/errata/RHSA-2018:0585 https://github.com/rubygems/rubygems/commit/1bcbc7fe637b03145401ec9c094066285934a7f1 https://github.com/rubygems/rubygems/commit/ef0aa611effb5f54d40c7fba6e8235eb43c5a491 https • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-138: Improper Neutralization of Special Elements CWE-150: Improper Neutralization of Escape, Meta, or Control Sequences •
CVE-2017-0902 – rubygems: DNS hijacking vulnerability
https://notcve.org/view.php?id=CVE-2017-0902
RubyGems version 2.6.12 and earlier is vulnerable to a DNS hijacking vulnerability that allows a MITM attacker to force the RubyGems client to download and install gems from a server that the attacker controls. RubyGems 2.6.12 y anteriores es vulnerable a secuestro de DNS, lo que permite a un atacante Man-in-the-Middle (MitM) forzar el cliente RubyGems a que descargue e instale gemas desde un servidor que está bajo el control del atacante. A vulnerability was found where rubygems did not sanitize DNS responses when requesting the hostname of the rubygems server for a domain, via a _rubygems._tcp DNS SRV query. An attacker with the ability to manipulate DNS responses could direct the gem command towards a different domain. • http://blog.rubygems.org/2017/08/27/2.6.13-released.html http://www.securityfocus.com/bid/100586 http://www.securitytracker.com/id/1039249 https://access.redhat.com/errata/RHSA-2017:3485 https://access.redhat.com/errata/RHSA-2018:0378 https://access.redhat.com/errata/RHSA-2018:0583 https://access.redhat.com/errata/RHSA-2018:0585 https://github.com/rubygems/rubygems/commit/8d91516fb7037ecfb27622f605dc40245e0f8d32 https://hackerone.com/reports/218088 https://lists.debian.org/debian- • CWE-138: Improper Neutralization of Special Elements CWE-346: Origin Validation Error CWE-350: Reliance on Reverse DNS Resolution for a Security-Critical Action •