CVSS: 9.8EPSS: 12%CPEs: 16EXPL: 2CVE-2017-11282 – Adobe Flash - Out-of-Bounds Read in applyToRange
https://notcve.org/view.php?id=CVE-2017-11282
Adobe Flash Player has an exploitable memory corruption vulnerability in the MP4 atom parser. Successful exploitation could lead to arbitrary code execution. This affects 26.0.0.151 and earlier. Adobe Flash Player tiene una vulnerabilidad de corrupción de memoria explotable en el analizador sintáctico de átomos MP4. La explotación con éxito de esta vulnerabilidad podría permitir la ejecución arbitraria de código. • https://www.exploit-db.com/exploits/42783 http://packetstormsecurity.com/files/144332/Adobe-Flash-appleToRange-Out-Of-Bounds-Read.html http://www.securityfocus.com/bid/100716 http://www.securitytracker.com/id/1039314 https://access.redhat.com/errata/RHSA-2017:2702 https://bugs.chromium.org/p/project-zero/issues/detail? • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 1%CPEs: 2EXPL: 0CVE-2017-6956
https://notcve.org/view.php?id=CVE-2017-6956
On the Broadcom Wi-Fi HardMAC SoC with fbt firmware, a stack buffer overflow occurs when handling an 802.11r (FT) authentication response, leading to remote code execution via a crafted access point that sends a long R0KH-ID field in a Fast BSS Transition Information Element (FT-IE). En el Broadcom Wi-Fi HardMAC SoC con firmware fbt, se produce un desbordamiento del búfer de la pila al manejar una respuesta de autenticación 802.11r (FT), que conduce a la ejecución remota de código a través de un punto de acceso manipulado que envía un archivo largo R0KH-ID en un Fast BSS Transition Information Element (FT-IE). • https://bugs.chromium.org/p/project-zero/issues/detail?id=1059 https://googleprojectzero.blogspot.com/2017/04/over-air-exploiting-broadcoms-wi-fi_4.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 3CVE-2017-0358 – ntfs-3g: Modprobe influence vulnerability via environment variables
https://notcve.org/view.php?id=CVE-2017-0358
Jann Horn of Google Project Zero discovered that NTFS-3G, a read-write NTFS driver for FUSE, does not scrub the environment before executing modprobe with elevated privileges. ... Jann Horn, de Google Project Zero, descubrió que NTFS-3G, un controlador NTFS de lectura-escritura para FUSE, no limpia en profundidad el entorno antes de ejecutar modprobe con privilegios elevados. • https://www.exploit-db.com/exploits/41356 https://www.exploit-db.com/exploits/41240 http://www.openwall.com/lists/oss-security/2017/02/04/1 http://www.securityfocus.com/bid/95987 https://marc.info/?l=oss-security&m=148594671929354&w=2 https://security.gentoo.org/glsa/201702-10 https://www.debian.org/security/2017/dsa-3780 • CWE-269: Improper Privilege Management •
CVSS: 9.3EPSS: 87%CPEs: 54EXPL: 0CVE-2017-3823 – Cisco WebEx Chrome Extension Remote Command Execution
https://notcve.org/view.php?id=CVE-2017-3823
An issue was discovered in the Cisco WebEx Extension before 1.0.7 on Google Chrome, the ActiveTouch General Plugin Container before 106 on Mozilla Firefox, the GpcContainer Class ActiveX control plugin before 10031.6.2017.0126 on Internet Explorer, and the Download Manager ActiveX control plugin before 2.1.0.10 on Internet Explorer. ... Se descubrió un problema en Cisco WebEx Extension en versiones anteriores a 1.0.7 en Google Chrome, el ActiveTouch General Pluging Container en versiones anteriores a 106 en Mozilla Firefox, el plugin de control GpcContainer Class Active X en versiones anteriores a 2.1.0.10 en Internet Explorer. • http://www.securityfocus.com/bid/95737 http://www.securitytracker.com/id/1037680 https://0patch.blogspot.com/2017/01/micropatching-remote-code-execution-in.html https://blog.filippo.io/webex-extension-vulnerability https://bugs.chromium.org/p/project-zero/issues/detail?id=1096 https://bugs.chromium.org/p/project-zero/issues/detail? • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 0%CPEs: 9EXPL: 1CVE-2016-6772 – Google Android - WifiNative::setHotlist Stack Overflow
https://notcve.org/view.php?id=CVE-2016-6772
An elevation of privilege vulnerability in Wi-Fi could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0. Android ID: A-31856351. • https://www.exploit-db.com/exploits/40945 http://www.securityfocus.com/bid/94701 https://bugs.chromium.org/p/project-zero/issues/detail? • CWE-264: Permissions, Privileges, and Access Controls •