CVSS: 5.4EPSS: 0%CPEs: 5EXPL: 0CVE-2017-12158 – keycloak: reflected XSS using HOST header
https://notcve.org/view.php?id=CVE-2017-12158
It was found that Keycloak would accept a HOST header URL in the admin console and use it to determine web resource locations. An attacker could use this flaw against an authenticated user to attain reflected XSS via a malicious server. Se ha descubierto que Keycloak podría aceptar una URL de cabecera HOST en la consola de administración y emplearla para determinar localizaciones de recursos web. Un atacante podría usar este fallo contra un usuario autenticado para lograr un XSS reflejado mediante un servidor malicioso. It was found that keycloak would accept a HOST header URL in the admin console and use it to determine web resource locations. • http://www.securityfocus.com/bid/101618 https://access.redhat.com/errata/RHSA-2017:2904 https://access.redhat.com/errata/RHSA-2017:2905 https://access.redhat.com/errata/RHSA-2017:2906 https://bugzilla.redhat.com/show_bug.cgi?id=1489161 https://access.redhat.com/security/cve/CVE-2017-12158 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 10.0EPSS: 97%CPEs: 11EXPL: 2CVE-2017-12629 – Apache Solr 7.0.1 - XML External Entity Expansion / Remote Code Execution
https://notcve.org/view.php?id=CVE-2017-12629
Remote code execution occurs in Apache Solr before 7.1 with Apache Lucene before 7.1 by exploiting XXE in conjunction with use of a Config API add-listener command to reach the RunExecutableListener class. Elasticsearch, although it uses Lucene, is NOT vulnerable to this. Note that the XML external entity expansion vulnerability occurs in the XML Query Parser which is available, by default, for any query request with parameters deftype=xmlparser and can be exploited to upload malicious data to the /upload request handler or as Blind XXE using ftp wrapper in order to read arbitrary local files from the Solr server. Note also that the second vulnerability relates to remote code execution using the RunExecutableListener available on all affected versions of Solr. Ocurre una ejecución remota de código en Apache Solr en versiones anteriores a la 7.1 con Apache Lucene en versiones anteriores a la 7.1 explotando XXE junto con el uso de un comando add-listener de la API de configuración para alcanzar la clase RunExecutableListener. • https://www.exploit-db.com/exploits/43009 http://mail-archives.us.apache.org/mod_mbox/www-announce/201710.mbox/%3CCAOOKt51UO_6Vy%3Dj8W%3Dx1pMbLW9VJfZyFWz7pAnXJC_OAdSZubA%40mail.gmail.com%3E http://openwall.com/lists/oss-security/2017/10/13/1 http://www.securityfocus.com/bid/101261 https://access.redhat.com/errata/RHSA-2017:3123 https://access.redhat.com/errata/RHSA-2017:3124 https://access.redhat.com/errata/RHSA-2017:3244 https://access.redhat.com/errata/RHSA-2017:3451 https:/ • CWE-138: Improper Neutralization of Special Elements CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 10.0EPSS: 30%CPEs: 54EXPL: 3CVE-2017-14491 – Dnsmasq < 2.78 - 2-byte Heap Overflow
https://notcve.org/view.php?id=CVE-2017-14491
Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response. Un desbordamiento de búfer basado en memoria dinámica (heap) en dnsmasq en versiones anteriores a la 2.78 permite a los atacantes provocar una denegación de servicio (cierre inesperado) o ejecutar código arbitrario utilizando una respuesta DNS manipulada. A heap buffer overflow was found in dnsmasq in the code responsible for building DNS replies. An attacker could send crafted DNS packets to dnsmasq which would cause it to crash or, potentially, execute arbitrary code. Dnsmasq versions prior to 2.78 suffer from a 2-byte heap-based overflow vulnerability. • https://www.exploit-db.com/exploits/42941 https://github.com/skyformat99/dnsmasq-2.4.1-fix-CVE-2017-14491 http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00006.html http://nvidia.custhelp.com/app/answers/detail/a_id/4560 http://nvidia.custhelp.com/a • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 14EXPL: 1CVE-2017-7819 – Mozilla: Use-after-free while resizing images in design mode (MFSA 2017-22)
https://notcve.org/view.php?id=CVE-2017-7819
A use-after-free vulnerability can occur in design mode when image objects are resized if objects referenced during the resizing have been freed from memory. This results in a potentially exploitable crash. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4. Puede ocurrir una vulnerabilidad de uso de memoria previamente liberada cuando los objetos imagen se redimensionan si los objetos referenciados durante el redimensionamiento se han liberado de la memoria. Esto resulta en un cierre inesperado explotable. • http://www.securityfocus.com/bid/101055 http://www.securitytracker.com/id/1039465 https://access.redhat.com/errata/RHSA-2017:2831 https://access.redhat.com/errata/RHSA-2017:2885 https://bugzilla.mozilla.org/show_bug.cgi?id=1380292 https://lists.debian.org/debian-lts-announce/2017/11/msg00000.html https://security.gentoo.org/glsa/201803-14 https://www.debian.org/security/2017/dsa-3987 https://www.debian.org/security/2017/dsa-4014 https://www.mozilla.org/security/advisor • CWE-416: Use After Free •
CVSS: 10.0EPSS: 0%CPEs: 17EXPL: 0CVE-2017-7810 – Mozilla: Memory safety bugs fixed in Firefox 56 and Firefox ESR 52.4 (MFSA 2017-22)
https://notcve.org/view.php?id=CVE-2017-7810
Memory safety bugs were reported in Firefox 55 and Firefox ESR 52.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4. Se han informado de errores de seguridad de memoria en Firefox 55 y Firefox ESR 52.3. Algunos de estos errores mostraron evidencias de corrupción de memoria y se cree que, con el esfuerzo necesario, se podrían explotar para ejecutar código arbitrario. • http://www.securityfocus.com/bid/101054 http://www.securitytracker.com/id/1039465 https://access.redhat.com/errata/RHSA-2017:2831 https://access.redhat.com/errata/RHSA-2017:2885 https://bugzilla.mozilla.org/buglist.cgi?bug_id=1386787%2C1389974%2C1371657%2C1360334%2C1390550%2C1380824%2C1387918%2C1395598 https://lists.debian.org/debian-lts-announce/2017/11/msg00000.html https://security.gentoo.org/glsa/201803-14 https://usn.ubuntu.com/3688-1 https://www.debian.org/security/2017/dsa-3987&# • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •