CVSS: 9.8EPSS: 6%CPEs: 16EXPL: 0CVE-2015-5740 – golang: HTTP request smuggling in net/http library
https://notcve.org/view.php?id=CVE-2015-5740
18 Oct 2017 — The net/http library in net/http/transfer.go in Go before 1.4.3 does not properly parse HTTP headers, which allows remote attackers to conduct HTTP request smuggling attacks via a request with two Content-length headers. La biblioteca net/http en net/http/transfer.go en Go en versiones anteriores a la 1.4.3 no analiza sintácticamente cabeceras HTTP correctamente, lo que permite que atacantes remotos lleven a cabo ataques de contrabando de peticiones HTTP mediante una petición con dos cabeceras Content-lengt... • http://lists.fedoraproject.org/pipermail/package-announce/2015-October/167997.html • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 9.8EPSS: 3%CPEs: 23EXPL: 0CVE-2017-7793 – Mozilla: Use-after-free with Fetch API (MFSA 2017-22)
https://notcve.org/view.php?id=CVE-2017-7793
29 Sep 2017 — A use-after-free vulnerability can occur in the Fetch API when the worker or the associated window are freed when still in use, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4. Puede ocurrir una vulnerabilidad de uso de memoria previamente liberada en la API Fetch cuando el trabajador o la ventana asociada se liberan mientras siguen en uso, lo que resulta en un cierre inesperado potencialmente explotable. La vulnerabilidad afe... • http://www.securityfocus.com/bid/101055 • CWE-416: Use After Free •
CVSS: 8.0EPSS: 4%CPEs: 43EXPL: 7CVE-2017-1000251 – Linux Kernel < 4.13.1 - BlueTooth Buffer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2017-1000251
12 Sep 2017 — The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the Linux kernel version 2.6.32 and up to and including 4.13.1, are vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space. La pila Bluetooth nativa en el Kernel Linux (BlueZ), comenzando por la versión 2.6.32 del kernel de Linux y hasta, e incluyendo, la versión 4.13.1, es vulnerable a un desbordamiento de pila durante el procesado de las respuestas... • https://packetstorm.news/files/id/144307 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 9.1EPSS: 2%CPEs: 18EXPL: 1CVE-2017-7753 – Mozilla: Out-of-bounds read with cached style data and pseudo-elements (MFSA 2017-19)
https://notcve.org/view.php?id=CVE-2017-7753
10 Aug 2017 — An out-of-bounds read occurs when applying style rules to pseudo-elements, such as ::first-line, using cached style data. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. Ocurre una lectura fuera de límites al aplicar reglas de estilo a pseudo-elementos, como ::first-line, mediante el uso de datos de estilo en caché. La vulnerabilidad afecta a Thunderbird en versiones anteriores a la 52.3, Firefox ESR en versiones anteriores a la 52.3 y Firefox en versiones anteriores a l... • http://www.securityfocus.com/bid/100315 • CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 6%CPEs: 22EXPL: 1CVE-2017-7784 – Mozilla: Use-after-free with image observers (MFSA 2017-19)
https://notcve.org/view.php?id=CVE-2017-7784
10 Aug 2017 — A use-after-free vulnerability can occur when reading an image observer during frame reconstruction after the observer has been freed. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. Puede ocurrir una vulnerabilidad de uso de memoria previamente liberada al leer un observador de imagen durante la reconstrucción de frames una vez se ha liberado el observador. Esto resulta en un cierre inesperado potencialmente explotable. • http://www.securityfocus.com/bid/100202 • CWE-416: Use After Free •
CVSS: 9.8EPSS: 11%CPEs: 22EXPL: 1CVE-2017-7785 – Mozilla: Buffer overflow manipulating ARIA elements in DOM (MFSA 2017-19)
https://notcve.org/view.php?id=CVE-2017-7785
10 Aug 2017 — A buffer overflow can occur when manipulating Accessible Rich Internet Applications (ARIA) attributes within the DOM. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. Puede ocurrir un desbordamiento de búfer al manipular atributos ARIA (Accessible Rich Internet Applications) en el DOM. Esto resulta en un cierre inesperado potencialmente explotable. • http://www.securityfocus.com/bid/100206 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 12%CPEs: 23EXPL: 1CVE-2017-7786 – Mozilla: Buffer overflow while painting non-displayable SVG (MFSA 2017-19)
https://notcve.org/view.php?id=CVE-2017-7786
10 Aug 2017 — A buffer overflow can occur when the image renderer attempts to paint non-displayable SVG elements. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. Puede ocurrir un desbordamiento de búfer cuando el renderizador de imagen intenta pintar elementos SVG no mostrables. Esto resulta en un cierre inesperado potencialmente explotable. • http://www.securityfocus.com/bid/100206 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 1%CPEs: 22EXPL: 1CVE-2017-7787 – Mozilla: Same-origin policy bypass with iframes through page reloads (MFSA 2017-19)
https://notcve.org/view.php?id=CVE-2017-7787
10 Aug 2017 — Same-origin policy protections can be bypassed on pages with embedded iframes during page reloads, allowing the iframes to access content on the top level page, leading to information disclosure. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. Las protecciones de política del mismo origen se pueden omitir en páginas con iframes embebidos durante la recarga de páginas, lo que permite que los iframes accedan a contenido en la página de nivel más alto, lo que conduce a una ... • http://www.securityfocus.com/bid/100234 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-863: Incorrect Authorization •
CVSS: 5.3EPSS: 1%CPEs: 22EXPL: 1CVE-2017-7791 – Mozilla: Spoofing following page navigation with data: protocol and modal alerts (MFSA 2017-19)
https://notcve.org/view.php?id=CVE-2017-7791
10 Aug 2017 — On pages containing an iframe, the "data:" protocol can be used to create a modal alert that will render over arbitrary domains following page navigation, spoofing of the origin of the modal alert from the iframe content. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. En las páginas que contienen un iframe, el protocolo "data:" se puede emplear para crear una alerta modal que se representará sobre dominios arbitrarios siguiendo la navegación, suplantando el origen de la... • http://www.securityfocus.com/bid/100240 • CWE-20: Improper Input Validation CWE-829: Inclusion of Functionality from Untrusted Control Sphere •
CVSS: 9.8EPSS: 10%CPEs: 22EXPL: 1CVE-2017-7792 – Mozilla: Buffer overflow viewing certificates with long OID (MFSA 2017-19)
https://notcve.org/view.php?id=CVE-2017-7792
10 Aug 2017 — A buffer overflow will occur when viewing a certificate in the certificate manager if the certificate has an extremely long object identifier (OID). This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. Ocurrirá un desbordamiento de búfer al ver un certificado en el gestor de certificados si el certificado tiene un OID (Object Identifier) o identificador de objeto demasiado largo. Esto resulta en un cierre inesperado potencialme... • http://www.securityfocus.com/bid/100206 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •