CVSS: 9.8EPSS: 0%CPEs: 21EXPL: 0CVE-2018-5095 – Mozilla: Integer overflow in Skia library during edge builder allocation (MFSA 2018-03)
https://notcve.org/view.php?id=CVE-2018-5095
An integer overflow vulnerability in the Skia library when allocating memory for edge builders on some systems with at least 8 GB of RAM. This results in the use of uninitialized memory, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58. Una vulnerabilidad de desbordamiento de enteros en la librería Skia cuando se asigna memoria para los "edge builders" en determinados sistemas con al menos 8 GB de RAM. Esto resulta en el uso de memoria no inicializada, resultando en un cierre inesperado potencialmente explotable. • http://www.securityfocus.com/bid/102783 http://www.securitytracker.com/id/1040270 https://access.redhat.com/errata/RHSA-2018:0122 https://access.redhat.com/errata/RHSA-2018:0262 https://bugzilla.mozilla.org/show_bug.cgi?id=1418447 https://lists.debian.org/debian-lts-announce/2018/01/msg00030.html https://lists.debian.org/debian-lts-announce/2018/01/msg00036.html https://usn.ubuntu.com/3544-1 https://www.debian.org/security/2018/dsa-4096 https://www.debian.org/securi • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-190: Integer Overflow or Wraparound CWE-908: Use of Uninitialized Resource •
CVSS: 7.5EPSS: 5%CPEs: 72EXPL: 0CVE-2017-3145 – Improper fetch cleanup sequencing in the resolver can cause named to crash
https://notcve.org/view.php?id=CVE-2017-3145
BIND was improperly sequencing cleanup operations on upstream recursion fetch contexts, leading in some cases to a use-after-free error that can trigger an assertion failure and crash in named. Affects BIND 9.0.0 to 9.8.x, 9.9.0 to 9.9.11, 9.10.0 to 9.10.6, 9.11.0 to 9.11.2, 9.9.3-S1 to 9.9.11-S1, 9.10.5-S1 to 9.10.6-S1, 9.12.0a1 to 9.12.0rc1. BIND secuenciaba incorrectamente las operaciones de limpieza en contextos fetch de recursión ascendente, lo que conduce en algunos casos a un error de uso de memoria previamente liberada que puede desencadenar un fallo de aserción y un cierre inesperado en named. Afecta a BIND desde la versión 9.0.0 hasta la versión 9.8.x, desde la versión 9.9.0 hasta la versión 9.9.11, desde la versión 9.10.0 hasta la versión 9.10.6, desde la versión 9.11.0 hasta la versión 9.11.2, desde la versión 9.9.3-S1 hasta la versión 09.9.11-S1, desde la versión 9.10.5-S1 hasta la versión 9.10.6-S1 y desde la 9.12.0a1 hasta la 9.12.0rc1. A use-after-free flaw leading to denial of service was found in the way BIND internally handled cleanup operations on upstream recursion fetch contexts. • http://www.securityfocus.com/bid/102716 http://www.securitytracker.com/id/1040195 https://access.redhat.com/errata/RHSA-2018:0101 https://access.redhat.com/errata/RHSA-2018:0102 https://access.redhat.com/errata/RHSA-2018:0487 https://access.redhat.com/errata/RHSA-2018:0488 https://kb.isc.org/docs/aa-01542 https://lists.debian.org/debian-lts-announce/2018/01/msg00029.html https://security.netapp.com/advisory/ntap-20180117-0003 https://supportportal.juniper.net/s/article/ • CWE-416: Use After Free •
CVSS: 5.3EPSS: 0%CPEs: 17EXPL: 0CVE-2017-7848 – Mozilla: RSS Feed vulnerable to new line Injection
https://notcve.org/view.php?id=CVE-2017-7848
RSS fields can inject new lines into the created email structure, modifying the message body. This vulnerability affects Thunderbird < 52.5.2. Los campos RSS pueden inyectar nuevas líneas en la estructura del correo electrónico creado, modificando el cuerpo del mensaje. La vulnerabilidad afecta a las versiones anteriores a la 52.5.2 de Thunderbird. • http://www.securityfocus.com/bid/102258 http://www.securitytracker.com/id/1040123 https://access.redhat.com/errata/RHSA-2018:0061 https://bugzilla.mozilla.org/show_bug.cgi?id=1411699 https://lists.debian.org/debian-lts-announce/2017/12/msg00026.html https://www.debian.org/security/2017/dsa-4075 https://www.mozilla.org/security/advisories/mfsa2017-30 https://access.redhat.com/security/cve/CVE-2017-7848 https://bugzilla.redhat.com/show_bug.cgi?id=1530192 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2017-12189 – jboss: unsafe chown of server.log in jboss init script allows privilege escalation (Incomplete fix for CVE-2016-8656)
https://notcve.org/view.php?id=CVE-2017-12189
It was discovered that the jboss init script as used in Red Hat JBoss Enterprise Application Platform 7.0.7.GA performed unsafe file handling which could result in local privilege escalation. This issue is a result of an incomplete fix for CVE-2016-8656. Se ha descubierto que el script init jboss, tal y como se usa en Red Hat JBoss Enterprise Application Platform 7.0.7.GA, gestionaba archivos de manera no segura, lo que podría resultar en un escalado de privilegios local. Este problema es el resultado de una solución incompleta para CVE-2016-8656. It was discovered that the jboss init script performed unsafe file handling which could result in local privilege escalation. • http://www.securityfocus.com/bid/102407 https://access.redhat.com/errata/RHSA-2018:0002 https://access.redhat.com/errata/RHSA-2018:0003 https://access.redhat.com/errata/RHSA-2018:0004 https://access.redhat.com/errata/RHSA-2018:0005 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12189 https://access.redhat.com/security/cve/CVE-2017-12189 https://bugzilla.redhat.com/show_bug.cgi?id=1499631 • CWE-282: Improper Ownership Management •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2017-12167 – EAP-7: Wrong privileges on multiple property files
https://notcve.org/view.php?id=CVE-2017-12167
It was found in EAP 7 before 7.0.9 that properties based files of the management and the application realm configuration that contain user to role mapping are world readable allowing access to users and roles information to all the users logged in to the system. Se ha detectado en EAP 7 en versiones anteriores a la 7.0.9 que los archivos basados en propiedades de la administración y la configuración del dominio de la aplicación que contienen mapeo de usuario a rol son legibles para todos los usuarios, permitiendo el acceso a la información de usuarios y roles a todos los usuarios conectados al sistema. It was found that properties based files of the management and the application realm configuration that contain user to role mapping are world readable allowing access to users and roles information to all the users logged in to the system. • http://www.securityfocus.com/bid/100903 https://access.redhat.com/errata/RHSA-2017:3454 https://access.redhat.com/errata/RHSA-2017:3455 https://access.redhat.com/errata/RHSA-2017:3456 https://access.redhat.com/errata/RHSA-2017:3458 https://access.redhat.com/errata/RHSA-2018:0002 https://access.redhat.com/errata/RHSA-2018:0003 https://access.redhat.com/errata/RHSA-2018:0004 https://access.redhat.com/errata/RHSA-2018:0005 https://bugzilla.redhat.com/show_bug.cgi?id=C • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-732: Incorrect Permission Assignment for Critical Resource •