CVSS: 5.7EPSS: 0%CPEs: 3EXPL: 0CVE-2017-5201
https://notcve.org/view.php?id=CVE-2017-5201
NetApp Clustered Data ONTAP before 8.3.2P8 and 9.0 before P2 allow remote authenticated users to obtain sensitive cluster and tenant information via unspecified vectors, a different vulnerability than CVE-2016-3064. NetApp Clustered Data ONTAP en versiones anteriores a la 8.3.2P8 y 9.0 anteriores a P2 permite que usuarios autenticados remotos obtengan información sensible del clúster y del tenant mediante vectores no especificados. Esta vulnerabilidad es diferente de CVE-2016-3064. • http://www.securityfocus.com/bid/101776 https://security.netapp.com/advisory/ntap-20170809-0001 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 1CVE-2017-16642 – PHP 7.1.8 - Heap Buffer Overflow
https://notcve.org/view.php?id=CVE-2017-16642
In PHP before 5.6.32, 7.x before 7.0.25, and 7.1.x before 7.1.11, an error in the date extension's timelib_meridian handling of 'front of' and 'back of' directives could be used by attackers able to supply date strings to leak information from the interpreter, related to ext/date/lib/parse_date.c out-of-bounds reads affecting the php_parse_date function. NOTE: this is a different issue than CVE-2017-11145. En PHP, en versiones anteriores a la 5.6.32, versiones 7.x anteriores a la 7.0.25 y versiones 7.1.x anteriores a la 7.1.11, un error en la manipulación de timelib_meridian de la extensión de fecha de las directivas "front of" y "back of" podría ser empleado por atacantes capaces de proporcionar cadenas de fechas para filtrar información del intérprete. Esto está relacionado con lecturas fuera de límites de ext/date/lib/parse_date.c que afectan a la función php_parse_date. NOTA: este problema es diferente de CVE-2017-11145. • https://www.exploit-db.com/exploits/43133 http://php.net/ChangeLog-5.php http://php.net/ChangeLog-7.php http://www.securityfocus.com/bid/101745 https://access.redhat.com/errata/RHSA-2018:1296 https://access.redhat.com/errata/RHSA-2019:2519 https://bugs.php.net/bug.php?id=75055 https://github.com/derickr/timelib/commit/aa9156006e88565e1f1a5f7cc088b18322d57536 https://github.com/php/php-src/commit/5c0455bf2c8cd3c25401407f158e820aa3b239e1 https://security.netapp.com/advisory/ntap-20181123-0001 • CWE-125: Out-of-bounds Read •
CVSS: 5.3EPSS: 0%CPEs: 28EXPL: 0CVE-2017-15906 – openssh: Improper write operations in readonly mode allow for zero-length file creation
https://notcve.org/view.php?id=CVE-2017-15906
The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files. La función process_open en sftp-server.c en OpenSSH, en versiones anteriores a la 7.6, no evita correctamente las operaciones de escritura en el modo readonly, lo que permite que los atacantes creen archivos de longitud cero. • http://www.securityfocus.com/bid/101552 https://access.redhat.com/errata/RHSA-2018:0980 https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf https://github.com/openbsd/src/commit/a6981567e8e215acc1ef690c8dbb30f2d9b00a19 https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html https://security.gentoo.org/glsa/201801-05 https://security.netapp.com/advisory/ntap-20180423-0004 https://www.openssh.com/txt/release-7.6 https://www.oracle.com/security-alerts/cpujan2020.html http • CWE-20: Improper Input Validation CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 9.6EPSS: 0%CPEs: 54EXPL: 0CVE-2017-10346 – OpenJDK: insufficient loader constraints checks for invokespecial (Hotspot, 8180711)
https://notcve.org/view.php?id=CVE-2017-10346
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. • http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html http://www.securityfocus.com/bid/101315 http://www.securitytracker.com/id/1039596 https://access.redhat.com/errata/RHSA-2017:2998 https://access.redhat.com/errata/RHSA-2017:2999 https://access.redhat.com/errata/RHSA-2017:3046 https://access.redhat.com/errata/RHSA-2017:3047 https://access.redhat.com/errata/RHSA-2017:3264 https://access.redhat.com/errata/RHSA-2017:3267 https://access.redhat.com/errata/ •
CVSS: 4.3EPSS: 0%CPEs: 55EXPL: 0CVE-2017-10295 – OpenJDK: HTTP client insufficient check for newline in URLs (Networking, 8176751)
https://notcve.org/view.php?id=CVE-2017-10295
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Java SE, Java SE Embedded, JRockit. While the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data. • http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html http://www.securityfocus.com/bid/101384 http://www.securitytracker.com/id/1039596 https://access.redhat.com/errata/RHSA-2017:2998 https://access.redhat.com/errata/RHSA-2017:2999 https://access.redhat.com/errata/RHSA-2017:3046 https://access.redhat.com/errata/RHSA-2017:3047 https://access.redhat.com/errata/RHSA-2017:3264 https://access.redhat.com/errata/RHSA-2017:3267 https://access.redhat.com/errata/ • CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') •