CVSS: 5.3EPSS: 0%CPEs: 52EXPL: 0CVE-2017-10350 – OpenJDK: unbounded memory allocation in JAXWSExceptionBase deserialization (JAX-WS, 8181100)
https://notcve.org/view.php?id=CVE-2017-10350
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAX-WS). Supported versions that are affected are Java SE: 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. • http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html http://www.securityfocus.com/bid/101341 http://www.securitytracker.com/id/1039596 https://access.redhat.com/errata/RHSA-2017:2998 https://access.redhat.com/errata/RHSA-2017:2999 https://access.redhat.com/errata/RHSA-2017:3046 https://access.redhat.com/errata/RHSA-2017:3264 https://access.redhat.com/errata/RHSA-2017:3267 https://access.redhat.com/errata/RHSA-2017:3268 https://access.redhat.com/errata/ • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 5.3EPSS: 0%CPEs: 54EXPL: 0CVE-2017-10357 – OpenJDK: unbounded memory allocation in ObjectInputStream deserialization (Serialization, 8181597)
https://notcve.org/view.php?id=CVE-2017-10357
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. • http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html http://www.securityfocus.com/bid/101355 http://www.securitytracker.com/id/1039596 https://access.redhat.com/errata/RHSA-2017:2998 https://access.redhat.com/errata/RHSA-2017:2999 https://access.redhat.com/errata/RHSA-2017:3046 https://access.redhat.com/errata/RHSA-2017:3047 https://access.redhat.com/errata/RHSA-2017:3264 https://access.redhat.com/errata/RHSA-2017:3267 https://access.redhat.com/errata/ • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 9.8EPSS: 1%CPEs: 16EXPL: 0CVE-2015-5739 – golang: HTTP request smuggling in net/http library
https://notcve.org/view.php?id=CVE-2015-5739
The net/http library in net/textproto/reader.go in Go before 1.4.3 does not properly parse HTTP header keys, which allows remote attackers to conduct HTTP request smuggling attacks via a space instead of a hyphen, as demonstrated by "Content Length" instead of "Content-Length." La biblioteca net/http en net/textproto/reader.go en Go en versiones anteriores a la 1.4.3 no analiza sintácticamente claves de cabecera HTTP correctamente, lo que permite que atacantes remotos lleven a cabo ataques de contrabando de peticiones HTTP mediante un espacio en lugar de un guión, tal y como se muestra en "Content Length", en lugar de "Content-Length". HTTP-request vulnerabilities have been found in the Golang net/http and net/textproto libraries. Request headers with double Content-Length fields do not generate a 400 error (the second field is ignored), and invalid fields are parsed as valid (for example, "Content Length:" with a space in the middle is accepted). A non-authenticated attacker could exploit these flaws to bypass security controls, perform web-cache poisoning, or alter the request/response map (denial of service). • http://lists.fedoraproject.org/pipermail/package-announce/2015-October/167997.html http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168029.html http://rhn.redhat.com/errata/RHSA-2016-1538.html http://seclists.org/oss-sec/2015/q3/237 http://seclists.org/oss-sec/2015/q3/292 http://seclists.org/oss-sec/2015/q3/294 http://www.securityfocus.com/bid/76281 https://bugzilla.redhat.com/show_bug.cgi?id=1250352 https://github.com/golang/go/commit/117ddcb83d7f42d • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 9.8EPSS: 1%CPEs: 16EXPL: 0CVE-2015-5740 – golang: HTTP request smuggling in net/http library
https://notcve.org/view.php?id=CVE-2015-5740
The net/http library in net/http/transfer.go in Go before 1.4.3 does not properly parse HTTP headers, which allows remote attackers to conduct HTTP request smuggling attacks via a request with two Content-length headers. La biblioteca net/http en net/http/transfer.go en Go en versiones anteriores a la 1.4.3 no analiza sintácticamente cabeceras HTTP correctamente, lo que permite que atacantes remotos lleven a cabo ataques de contrabando de peticiones HTTP mediante una petición con dos cabeceras Content-length. HTTP-request vulnerabilities have been found in the Golang net/http and net/textproto libraries. Request headers with double Content-Length fields do not generate a 400 error (the second field is ignored), and invalid fields are parsed as valid (for example, "Content Length:" with a space in the middle is accepted). A non-authenticated attacker could exploit these flaws to bypass security controls, perform web-cache poisoning, or alter the request/response map (denial of service). • http://lists.fedoraproject.org/pipermail/package-announce/2015-October/167997.html http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168029.html http://rhn.redhat.com/errata/RHSA-2016-1538.html http://seclists.org/oss-sec/2015/q3/237 http://seclists.org/oss-sec/2015/q3/292 http://seclists.org/oss-sec/2015/q3/294 https://bugzilla.redhat.com/show_bug.cgi?id=1250352 https://github.com/golang/go/commit/300d9a21583e7cf0149a778a0611e76ff7c6680f https://access.redhat.c • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 9.8EPSS: 13%CPEs: 87EXPL: 0CVE-2017-0903 – rubygems: Unsafe object deserialization through YAML formatted gem specifications
https://notcve.org/view.php?id=CVE-2017-0903
RubyGems versions between 2.0.0 and 2.6.13 are vulnerable to a possible remote code execution vulnerability. YAML deserialization of gem specifications can bypass class white lists. Specially crafted serialized objects can possibly be used to escalate to remote code execution. Las versiones de RubyGems entre la 2.0.0 y la 2.6.13 son vulnerables a una posible vulnerabilidad de ejecución remota de código. La deserialización YAML de especificaciones de gemas puede omitir listas blancas de clases. • http://blog.rubygems.org/2017/10/09/2.6.14-released.html http://blog.rubygems.org/2017/10/09/unsafe-object-deserialization-vulnerability.html http://www.securityfocus.com/bid/101275 https://access.redhat.com/errata/RHSA-2017:3485 https://access.redhat.com/errata/RHSA-2018:0378 https://access.redhat.com/errata/RHSA-2018:0583 https://access.redhat.com/errata/RHSA-2018:0585 https://github.com/rubygems/rubygems/commit/510b1638ac9bba3ceb7a5d73135dafff9e5bab49 https://hackerone.com/reports/27499 • CWE-20: Improper Input Validation CWE-502: Deserialization of Untrusted Data •