CVSS: 5.3EPSS: 0%CPEs: 54EXPL: 0CVE-2017-10347 – OpenJDK: unbounded memory allocation in SimpleTimeZone deserialization (Serialization, 8181323)
https://notcve.org/view.php?id=CVE-2017-10347
19 Oct 2017 — Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, JRockit. Note: This vulnerability ... • http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 5.3EPSS: 0%CPEs: 54EXPL: 0CVE-2017-10357 – OpenJDK: unbounded memory allocation in ObjectInputStream deserialization (Serialization, 8181597)
https://notcve.org/view.php?id=CVE-2017-10357
19 Oct 2017 — Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded... • http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 9.8EPSS: 10%CPEs: 16EXPL: 0CVE-2015-5739 – golang: HTTP request smuggling in net/http library
https://notcve.org/view.php?id=CVE-2015-5739
18 Oct 2017 — The net/http library in net/textproto/reader.go in Go before 1.4.3 does not properly parse HTTP header keys, which allows remote attackers to conduct HTTP request smuggling attacks via a space instead of a hyphen, as demonstrated by "Content Length" instead of "Content-Length." La biblioteca net/http en net/textproto/reader.go en Go en versiones anteriores a la 1.4.3 no analiza sintácticamente claves de cabecera HTTP correctamente, lo que permite que atacantes remotos lleven a cabo ataques de contrabando de... • http://lists.fedoraproject.org/pipermail/package-announce/2015-October/167997.html • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 9.8EPSS: 6%CPEs: 16EXPL: 0CVE-2015-5740 – golang: HTTP request smuggling in net/http library
https://notcve.org/view.php?id=CVE-2015-5740
18 Oct 2017 — The net/http library in net/http/transfer.go in Go before 1.4.3 does not properly parse HTTP headers, which allows remote attackers to conduct HTTP request smuggling attacks via a request with two Content-length headers. La biblioteca net/http en net/http/transfer.go en Go en versiones anteriores a la 1.4.3 no analiza sintácticamente cabeceras HTTP correctamente, lo que permite que atacantes remotos lleven a cabo ataques de contrabando de peticiones HTTP mediante una petición con dos cabeceras Content-lengt... • http://lists.fedoraproject.org/pipermail/package-announce/2015-October/167997.html • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 9.8EPSS: 4%CPEs: 87EXPL: 0CVE-2017-0903 – rubygems: Unsafe object deserialization through YAML formatted gem specifications
https://notcve.org/view.php?id=CVE-2017-0903
11 Oct 2017 — RubyGems versions between 2.0.0 and 2.6.13 are vulnerable to a possible remote code execution vulnerability. YAML deserialization of gem specifications can bypass class white lists. Specially crafted serialized objects can possibly be used to escalate to remote code execution. Las versiones de RubyGems entre la 2.0.0 y la 2.6.13 son vulnerables a una posible vulnerabilidad de ejecución remota de código. La deserialización YAML de especificaciones de gemas puede omitir listas blancas de clases. • http://blog.rubygems.org/2017/10/09/2.6.14-released.html • CWE-20: Improper Input Validation CWE-502: Deserialization of Untrusted Data •
CVSS: 9.8EPSS: 6%CPEs: 11EXPL: 0CVE-2017-15041 – golang: arbitrary code execution during "go get" or "go get -d"
https://notcve.org/view.php?id=CVE-2017-15041
05 Oct 2017 — Go before 1.8.4 and 1.9.x before 1.9.1 allows "go get" remote command execution. Using custom domains, it is possible to arrange things so that example.com/pkg1 points to a Subversion repository but example.com/pkg1/pkg2 points to a Git repository. If the Subversion repository includes a Git checkout in its pkg2 directory and some other work is done to ensure the proper ordering of operations, "go get" can be tricked into reusing this Git checkout for the fetch of code from pkg2. If the Subversion repositor... • http://www.securityfocus.com/bid/101196 •
CVSS: 8.0EPSS: 3%CPEs: 43EXPL: 7CVE-2017-1000251 – Linux Kernel < 4.13.1 - BlueTooth Buffer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2017-1000251
12 Sep 2017 — The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the Linux kernel version 2.6.32 and up to and including 4.13.1, are vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space. La pila Bluetooth nativa en el Kernel Linux (BlueZ), comenzando por la versión 2.6.32 del kernel de Linux y hasta, e incluyendo, la versión 4.13.1, es vulnerable a un desbordamiento de pila durante el procesado de las respuestas... • https://packetstorm.news/files/id/144307 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 2%CPEs: 7EXPL: 0CVE-2017-12896 – Gentoo Linux Security Advisory 201709-23
https://notcve.org/view.php?id=CVE-2017-12896
09 Sep 2017 — The ISAKMP parser in tcpdump before 4.9.2 has a buffer over-read in print-isakmp.c:isakmp_rfc3948_print(). El analizador sintáctico ISAKMP en tcpdump en versiones anteriores a la 4.9.2 tiene una vulnerabilidad de sobrelectura de búfer en print-isakmp.c:isakmp_rfc3948_print(). Several vulnerabilities have been discovered in tcpdump, a command-line network traffic analyzer. These vulnerabilities might result in denial of service or, potentially, execution of arbitrary code. For the oldstable distribution (jes... • http://www.debian.org/security/2017/dsa-3971 • CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 2%CPEs: 7EXPL: 0CVE-2017-12987 – Gentoo Linux Security Advisory 201709-23
https://notcve.org/view.php?id=CVE-2017-12987
09 Sep 2017 — The IEEE 802.11 parser in tcpdump before 4.9.2 has a buffer over-read in print-802_11.c:parse_elements(). El analizador sintáctico IEEE 802.11 en tcpdump en versiones anteriores a la 4.9.2 tiene una vulnerabilidad de sobrelectura de búfer en print-802_11.c:parse_elements(). Several vulnerabilities have been discovered in tcpdump, a command-line network traffic analyzer. These vulnerabilities might result in denial of service or, potentially, execution of arbitrary code. For the oldstable distribution (jessi... • http://www.debian.org/security/2017/dsa-3971 • CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 2%CPEs: 7EXPL: 0CVE-2017-12899 – Gentoo Linux Security Advisory 201709-23
https://notcve.org/view.php?id=CVE-2017-12899
09 Sep 2017 — The DECnet parser in tcpdump before 4.9.2 has a buffer over-read in print-decnet.c:decnet_print(). El analizador sintáctico DECnet en tcpdump en versiones anteriores a la 4.9.2 tiene una vulnerabilidad de sobrelectura de búfer en print-decnet.c:decnet_print(). Several vulnerabilities have been discovered in tcpdump, a command-line network traffic analyzer. These vulnerabilities might result in denial of service or, potentially, execution of arbitrary code. For the oldstable distribution (jessie), these prob... • http://www.debian.org/security/2017/dsa-3971 • CWE-125: Out-of-bounds Read •