CVSS: 9.8EPSS: 1%CPEs: 12EXPL: 0CVE-2017-5202 – tcpdump: multiple overflow issues in protocol decoding
https://notcve.org/view.php?id=CVE-2017-5202
28 Jan 2017 — The ISO CLNS parser in tcpdump before 4.9.0 has a buffer overflow in print-isoclns.c:clnp_print(). El analizador ISO CLNS en tcpdump en versiones anteriores a 4.9.0 tiene un desbordamiento de búfer en print-isoclns.c:clnp_print(). Multiple out of bounds read and integer overflow vulnerabilities were found in tcpdump affecting the decoding of various protocols. An attacker could create a crafted pcap file or send specially crafted packets to the network segment where tcpdump is running in live capture mode (... • http://www.debian.org/security/2017/dsa-3775 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-190: Integer Overflow or Wraparound •
CVSS: 9.8EPSS: 1%CPEs: 12EXPL: 0CVE-2017-5203 – tcpdump: multiple overflow issues in protocol decoding
https://notcve.org/view.php?id=CVE-2017-5203
28 Jan 2017 — The BOOTP parser in tcpdump before 4.9.0 has a buffer overflow in print-bootp.c:bootp_print(). El analizador BOOTP en tcpdump en versiones anteriores a 4.9.0 tiene un desbordamiento de búfer en print-bootp.c:bootp_print(). Multiple out of bounds read and integer overflow vulnerabilities were found in tcpdump affecting the decoding of various protocols. An attacker could create a crafted pcap file or send specially crafted packets to the network segment where tcpdump is running in live capture mode (without ... • http://www.debian.org/security/2017/dsa-3775 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-190: Integer Overflow or Wraparound •
CVSS: 9.8EPSS: 3%CPEs: 12EXPL: 0CVE-2017-5204 – tcpdump: multiple overflow issues in protocol decoding
https://notcve.org/view.php?id=CVE-2017-5204
28 Jan 2017 — The IPv6 parser in tcpdump before 4.9.0 has a buffer overflow in print-ip6.c:ip6_print(). El analizador IPv6 en tcpdump en versiones anteriores a 4.9.0 tiene un desbordamiento de búfer en print-ip6.c:ip6_print(). Multiple out of bounds read and integer overflow vulnerabilities were found in tcpdump affecting the decoding of various protocols. An attacker could create a crafted pcap file or send specially crafted packets to the network segment where tcpdump is running in live capture mode (without -w) which ... • http://www.debian.org/security/2017/dsa-3775 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-190: Integer Overflow or Wraparound •
CVSS: 9.8EPSS: 1%CPEs: 12EXPL: 0CVE-2017-5205 – tcpdump: multiple overflow issues in protocol decoding
https://notcve.org/view.php?id=CVE-2017-5205
28 Jan 2017 — The ISAKMP parser in tcpdump before 4.9.0 has a buffer overflow in print-isakmp.c:ikev2_e_print(). El analizador ISAKMP en tcpdump en versiones anteriores a 4.9.0 tiene un desbordamiento de búfer en print-isakmp.c:ikev2_e_print(). Multiple out of bounds read and integer overflow vulnerabilities were found in tcpdump affecting the decoding of various protocols. An attacker could create a crafted pcap file or send specially crafted packets to the network segment where tcpdump is running in live capture mode (... • http://www.debian.org/security/2017/dsa-3775 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-190: Integer Overflow or Wraparound •
CVSS: 9.8EPSS: 2%CPEs: 21EXPL: 0CVE-2017-5376 – Mozilla: Use-after-free in XSL (MFSA 2017-02)
https://notcve.org/view.php?id=CVE-2017-5376
25 Jan 2017 — Use-after-free while manipulating XSL in XSLT documents. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51. Uso de memoria previamente liberada al manipular XSL en documentos XSLT. La vulnerabilidad afecta a Thunderbird en versiones anteriores a la 45.7, Firefox ESR en versiones anteriores a la 45.7 y Firefox en versiones anteriores a la 51. USN-3175-1 fixed vulnerabilities in Firefox. • http://rhn.redhat.com/errata/RHSA-2017-0190.html • CWE-416: Use After Free •
CVSS: 7.5EPSS: 1%CPEs: 21EXPL: 1CVE-2017-5378 – Mozilla: Pointer and frame data leakage of Javascript objects (MFSA 2017-02)
https://notcve.org/view.php?id=CVE-2017-5378
25 Jan 2017 — Hashed codes of JavaScript objects are shared between pages. This allows for pointer leaks because an object's address can be discovered through hash codes, and also allows for data leakage of an object's content using these hash codes. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51. Los códigos hasheados de objetos JavaScript se comparten entre páginas. Esto permite fugas de puntero debido a que se puede descubrir la dirección de un objeto por medio de los códigos hash ... • http://rhn.redhat.com/errata/RHSA-2017-0190.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 2%CPEs: 21EXPL: 0CVE-2017-5380 – Mozilla: Potential use-after-free during DOM manipulations (MFSA 2017-02)
https://notcve.org/view.php?id=CVE-2017-5380
25 Jan 2017 — A potential use-after-free found through fuzzing during DOM manipulation of SVG content. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51. Se ha encontrado un potencial uso de memoria previamente liberada mediante fuzzing durante la manipulación DOM del contenido SVG. La vulnerabilidad afecta a Thunderbird en versiones anteriores a la 45.7, Firefox ESR en versiones anteriores a la 45.7 y Firefox en versiones anteriores a la 51. USN-3175-1 fixed vulnerabilities in Firefox. • http://rhn.redhat.com/errata/RHSA-2017-0190.html • CWE-416: Use After Free •
CVSS: 6.1EPSS: 2%CPEs: 21EXPL: 0CVE-2017-5383 – Mozilla: Location bar spoofing with unicode characters (MFSA 2017-02)
https://notcve.org/view.php?id=CVE-2017-5383
25 Jan 2017 — URLs containing certain unicode glyphs for alternative hyphens and quotes do not properly trigger punycode display, allowing for domain name spoofing attacks in the location bar. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51. Las URL que contienen ciertos glifos unicode para guiones y comillas alternativas no desencadenan correctamente la visualización de punycode, lo que permite ataques de suplantación de nombre de dominio en la barra de direcciones. La vulnerabilidad ... • http://rhn.redhat.com/errata/RHSA-2017-0190.html • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 1%CPEs: 20EXPL: 1CVE-2017-5386 – Mozilla: WebExtensions can use data: protocol to affect other extensions (MFSA 2017-02)
https://notcve.org/view.php?id=CVE-2017-5386
25 Jan 2017 — WebExtension scripts can use the "data:" protocol to affect pages loaded by other web extensions using this protocol, leading to potential data disclosure or privilege escalation in affected extensions. This vulnerability affects Firefox ESR < 45.7 and Firefox < 51. Los scripts de WebExtension pueden emplear el protocolo "data:" para afectar a las páginas cargadas por otras extensiones web que empleen este protocolo, lo que conduce a una potencial divulgación de datos o un escalado de privilegios en las ext... • http://rhn.redhat.com/errata/RHSA-2017-0190.html •
CVSS: 9.8EPSS: 1%CPEs: 21EXPL: 0CVE-2017-5390 – Mozilla: Insecure communication methods in Developer Tools JSON viewer (MFSA 2017-02)
https://notcve.org/view.php?id=CVE-2017-5390
25 Jan 2017 — The JSON viewer in the Developer Tools uses insecure methods to create a communication channel for copying and viewing JSON or HTTP headers data, allowing for potential privilege escalation. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51. El visor JSON en Developer Tools emplea métodos inseguros para crear un canal de comunicación para copiar y visualizar datos de cabeceras HTTP o JSON, lo que permite un potencial escalado de privilegios. La vulnerabilidad afecta a Thund... • http://rhn.redhat.com/errata/RHSA-2017-0190.html •