Page 53 of 478 results (0.017 seconds)

CVSS: 7.8EPSS: 0%CPEs: 52EXPL: 3

CVE-2017-1000366 – Linux Kernel (Debian 9/10 / Ubuntu 14.04.5/16.04.2/17.04 / Fedora 23/24/25) - 'ldso_dynamic Stack Clash' Local Privilege Escalation

https://notcve.org/view.php?id=CVE-2017-1000366

glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made to glibc to prevent manipulation of stack and heap memory but these issues are not directly exploitable, as such they have not been given a CVE. This affects glibc 2.25 and earlier. Glibc contiene una vulnerabilidad que permite que los valores LD_LIBRARY_PATH especialmente creados para manipular la región heap/stack de la memoria, generando entonces un alias, lo que podría conllevar a la ejecución del código arbitrario. Tenga en cuenta que se han realizado cambios de refuerzo adicionales en glibc para evitar la manipulación del stack y heap de la memoria de almacenamiento dinámico, pero estos problemas no se pueden explotar directamente, por lo que no se les ha otorgado un CVE. • https://www.exploit-db.com/exploits/42276 https://www.exploit-db.com/exploits/42274 https://www.exploit-db.com/exploits/42275 http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html http://seclists.org/fulldisclosure/2019/Sep/7 http://www.debian.org/security/2017/dsa-3887 http://www.securityfocus.com/bid/99127 http://www.securitytracker.com/id/1038712 https://access.redhat.com/errata/RHSA-2017:1479 https://access.redhat.com/errata/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 9.8EPSS: 0%CPEs: 18EXPL: 0

CVE-2017-5470 – Mozilla: Memory safety bugs fixed in Firefox 54 and Firefox ESR 52.2 (MFSA 2017-16)

https://notcve.org/view.php?id=CVE-2017-5470

Memory safety bugs were reported in Firefox 53 and Firefox ESR 52.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2. Se han reportado errores de seguridad de memoria en Firefox 53 y Firefox ESR 52.1. Algunos de estos errores mostraron evidencias de corrupción de memoria y se entiende que, con el suficiente esfuerzo, algunos de estos podrían explotarse para ejecutar código arbitrario. • http://www.securityfocus.com/bid/99041 http://www.securitytracker.com/id/1038689 https://access.redhat.com/errata/RHSA-2017:1440 https://access.redhat.com/errata/RHSA-2017:1561 https://bugzilla.mozilla.org/buglist.cgi?bug_id=1359639%2C1349595%2C1352295%2C1352556%2C1342552%2C1342567%2C1346012%2C1366140%2C1368732%2C1297111%2C1362590%2C1357462%2C1363280%2C1349266%2C1352093%2C1348424%2C1347748%2C1356025%2C1325513%2C1367692 https://www.debian.org/security/2017/dsa-3881 https://www.debian.org/security/2017/dsa-3918 https:&# • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 9.8EPSS: 0%CPEs: 18EXPL: 0

CVE-2017-5472 – Mozilla: Use-after-free using destroyed node when regenerating trees (MFSA 2017-16)

https://notcve.org/view.php?id=CVE-2017-5472

A use-after-free vulnerability with the frameloader during tree reconstruction while regenerating CSS layout when attempting to use a node in the tree that no longer exists. This results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2. Vulnerabilidad de uso de memoria previamente liberada en el frameloader durante la reconstrucción de árboles cuando se regenera el diseño CSS al intentar emplear un nodo en el árbol que ya no existe. Esto resulta en un cierre inesperado potencialmente explotable. • http://www.securityfocus.com/bid/99040 http://www.securitytracker.com/id/1038689 https://access.redhat.com/errata/RHSA-2017:1440 https://access.redhat.com/errata/RHSA-2017:1561 https://bugzilla.mozilla.org/show_bug.cgi?id=1365602 https://www.debian.org/security/2017/dsa-3881 https://www.debian.org/security/2017/dsa-3918 https://www.mozilla.org/security/advisories/mfsa2017-15 https://www.mozilla.org/security/advisories/mfsa2017-16 https://www.mozilla.org/security/advisories • CWE-416: Use After Free •

CVSS: 9.8EPSS: 0%CPEs: 18EXPL: 0

CVE-2017-7749 – Mozilla: Use-after-free during docshell reloading (MFSA 2017-16)

https://notcve.org/view.php?id=CVE-2017-7749

A use-after-free vulnerability when using an incorrect URL during the reloading of a docshell. This results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2. Vulnerabilidad de uso de memoria previamente liberada al emplear una URL incorrecta durante la recarga de un docshell. Esto resulta en un cierre inesperado potencialmente explotable. • http://www.securityfocus.com/bid/99057 http://www.securitytracker.com/id/1038689 https://access.redhat.com/errata/RHSA-2017:1440 https://access.redhat.com/errata/RHSA-2017:1561 https://bugzilla.mozilla.org/show_bug.cgi?id=1355039 https://www.debian.org/security/2017/dsa-3881 https://www.debian.org/security/2017/dsa-3918 https://www.mozilla.org/security/advisories/mfsa2017-15 https://www.mozilla.org/security/advisories/mfsa2017-16 https://www.mozilla.org/security/advisories • CWE-416: Use After Free •

CVSS: 9.8EPSS: 1%CPEs: 18EXPL: 1

CVE-2017-7750 – Mozilla: Use-after-free with track elements (MFSA 2017-16)

https://notcve.org/view.php?id=CVE-2017-7750

A use-after-free vulnerability during video control operations when a "<track>" element holds a reference to an older window if that window has been replaced in the DOM. This results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2. Vulnerabilidad de uso de memoria previamente liberada durante las operaciones de control de vídeo cuando un elemento "" mantiene una referencia a una ventana más antigua si esa ventana ha sido reemplazada en el DOM. Esto resulta en un cierre inesperado potencialmente explotable. • http://www.securityfocus.com/bid/99057 http://www.securitytracker.com/id/1038689 https://access.redhat.com/errata/RHSA-2017:1440 https://access.redhat.com/errata/RHSA-2017:1561 https://bugzilla.mozilla.org/show_bug.cgi?id=1356558 https://www.debian.org/security/2017/dsa-3881 https://www.debian.org/security/2017/dsa-3918 https://www.mozilla.org/security/advisories/mfsa2017-15 https://www.mozilla.org/security/advisories/mfsa2017-16 https://www.mozilla.org/security/advisories • CWE-416: Use After Free •