CVSS: 9.1EPSS: 2%CPEs: 18EXPL: 1CVE-2017-7753 – Mozilla: Out-of-bounds read with cached style data and pseudo-elements (MFSA 2017-19)
https://notcve.org/view.php?id=CVE-2017-7753
10 Aug 2017 — An out-of-bounds read occurs when applying style rules to pseudo-elements, such as ::first-line, using cached style data. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. Ocurre una lectura fuera de límites al aplicar reglas de estilo a pseudo-elementos, como ::first-line, mediante el uso de datos de estilo en caché. La vulnerabilidad afecta a Thunderbird en versiones anteriores a la 52.3, Firefox ESR en versiones anteriores a la 52.3 y Firefox en versiones anteriores a l... • http://www.securityfocus.com/bid/100315 • CWE-125: Out-of-bounds Read •
CVSS: 8.1EPSS: 0%CPEs: 18EXPL: 1CVE-2017-7807 – Mozilla: Domain hijacking through appcache fallback (MFSA 2017-19)
https://notcve.org/view.php?id=CVE-2017-7807
10 Aug 2017 — A mechanism that uses AppCache to hijack a URL in a domain using fallback by serving the files from a sub-path on the domain. This has been addressed by requiring fallback files be inside the manifest directory. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. Un mecanismo que utiliza AppCache para secuestrar una URL en un dominio utilizando fallback sirviendo los archivos desde una subruta en el dominio. Esto se ha solucionado al requerir que los archivos fallback estén ... • http://www.securityfocus.com/bid/100242 • CWE-20: Improper Input Validation CWE-829: Inclusion of Functionality from Untrusted Control Sphere •
CVSS: 7.5EPSS: 5%CPEs: 25EXPL: 0CVE-2017-10664 – Qemu: qemu-nbd: server breaks with SIGPIPE upon client abort
https://notcve.org/view.php?id=CVE-2017-10664
26 Jul 2017 — qemu-nbd in QEMU (aka Quick Emulator) does not ignore SIGPIPE, which allows remote attackers to cause a denial of service (daemon crash) by disconnecting during a server-to-client reply attempt. qemu-nbd en QEMU (Quick Emulator) no ignora la señal SIGPIPE, lo que permite a atacantes remotos provocar una denegación de servicio desconectando el proceso durante un intento de respuesta de servidor a cliente. Quick Emulator (QEMU) built with the Network Block Device (NBD) Server support is vulnerable to a crash ... • http://www.debian.org/security/2017/dsa-3920 • CWE-248: Uncaught Exception •
CVSS: 5.3EPSS: 0%CPEs: 54EXPL: 0CVE-2017-10053 – OpenJDK: reading of unprocessed image data in JPEGImageReader (2D, 8169209)
https://notcve.org/view.php?id=CVE-2017-10053
20 Jul 2017 — Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Ja... • http://www.debian.org/security/2017/dsa-3919 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 4.9EPSS: 0%CPEs: 17EXPL: 0CVE-2017-3641 – mysql: Server: DML unspecified vulnerability (CPU Jul 2017)
https://notcve.org/view.php?id=CVE-2017-3641
20 Jul 2017 — Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Ava... • http://www.debian.org/security/2017/dsa-3922 •
CVSS: 6.8EPSS: 0%CPEs: 53EXPL: 0CVE-2017-10198 – OpenJDK: incorrect enforcement of certificate path restrictions (Security, 8179998)
https://notcve.org/view.php?id=CVE-2017-10198
20 Jul 2017 — Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. While the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Succ... • http://www.debian.org/security/2017/dsa-3919 •
CVSS: 9.6EPSS: 0%CPEs: 51EXPL: 0CVE-2017-10089 – OpenJDK: insufficient access control checks in ServiceRegistry (ImageIO, 8172461)
https://notcve.org/view.php?id=CVE-2017-10089
20 Jul 2017 — Vulnerability in the Java SE component of Oracle Java SE (subcomponent: ImageIO). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can ... • http://www.debian.org/security/2017/dsa-3919 •
CVSS: 5.3EPSS: 0%CPEs: 53EXPL: 0CVE-2017-10108 – OpenJDK: unbounded memory allocation in BasicAttribute deserialization (Serialization, 8174105)
https://notcve.org/view.php?id=CVE-2017-10108
20 Jul 2017 — Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial... • http://www.debian.org/security/2017/dsa-3919 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 9.6EPSS: 0%CPEs: 51EXPL: 0CVE-2017-10107 – OpenJDK: insufficient access control checks in ActivationID (RMI, 8173697)
https://notcve.org/view.php?id=CVE-2017-10107
20 Jul 2017 — Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantl... • http://www.debian.org/security/2017/dsa-3919 •
CVSS: 9.0EPSS: 0%CPEs: 52EXPL: 0CVE-2017-10102 – OpenJDK: incorrect handling of references in DGC (RMI, 8163958)
https://notcve.org/view.php?id=CVE-2017-10102
20 Jul 2017 — Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in ... • http://www.debian.org/security/2017/dsa-3919 •