CVSS: 9.8EPSS: 12%CPEs: 16EXPL: 3CVE-2017-11281 – Adobe Flash - Out-of-Bounds Memory Read in MP4 Parsing
https://notcve.org/view.php?id=CVE-2017-11281
Adobe Flash Player has an exploitable memory corruption vulnerability in the text handling function. Successful exploitation could lead to arbitrary code execution. This affects 26.0.0.151 and earlier. Adobe Flash Player tiene una vulnerabilidad de corrupción de memoria explotable en la función de manipulación de texto. La explotación con éxito de esta vulnerabilidad podría permitir la ejecución arbitraria de código. • https://www.exploit-db.com/exploits/42781 https://www.exploit-db.com/exploits/42782 http://www.securityfocus.com/bid/100710 http://www.securitytracker.com/id/1039314 https://access.redhat.com/errata/RHSA-2017:2702 https://helpx.adobe.com/security/products/flash-player/apsb17-28.html https://security.gentoo.org/glsa/201709-16 https://www.youtube.com/watch?v=CvmnUeza9zw https://access.redhat.com/security/cve/CVE-2017-11281 https://bugzilla.redhat.com/show_bug.cgi?id=149111 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.9EPSS: 0%CPEs: 3EXPL: 0CVE-2015-7553 – kernel: nfnetlink race in NETLINK_NFLOG socket creation
https://notcve.org/view.php?id=CVE-2015-7553
Race condition in the kernel in Red Hat Enterprise Linux 7, kernel-rt and Red Hat Enterprise MRG 2, when the nfnetlink_log module is loaded, allows local users to cause a denial of service (panic) by creating netlink sockets. Una condición de carrera en el kernel en Red Hat Enterprise Linux 7, kernel-rt y Red Hat Enterprise MRG 2 permite que usuarios locales provoquen una denegación de servicio (pánico) mediante la creación de sockets netlink cuando se carga el módulo nfnetlink_log. A race-condition flaw was discovered in the kernel's netlink module creation, which can trigger a kernel panic in netlink_release->module_put for local users creating netlink sockets. The flaw is specific to Red Hat Enterprise Linux and does not affect upstream kernels. The nfnetlink_log module must be loaded before the flaw can occur. • https://bugzilla.redhat.com/show_bug.cgi?id=1288934 https://access.redhat.com/security/cve/CVE-2015-7553 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 8.0EPSS: 0%CPEs: 43EXPL: 5CVE-2017-1000251 – Linux Kernel < 4.13.1 - BlueTooth Buffer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2017-1000251
The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the Linux kernel version 2.6.32 and up to and including 4.13.1, are vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space. La pila Bluetooth nativa en el Kernel Linux (BlueZ), comenzando por la versión 2.6.32 del kernel de Linux y hasta, e incluyendo, la versión 4.13.1, es vulnerable a un desbordamiento de pila durante el procesado de las respuestas de configuración L2CAP, lo que desemboca en la ejecución remota de código en el espacio del kernel. A stack buffer overflow flaw was found in the way the Bluetooth subsystem of the Linux kernel processed pending L2CAP configuration responses from a client. On systems with the stack protection feature enabled in the kernel (CONFIG_CC_STACKPROTECTOR=y, which is enabled on all architectures other than s390x and ppc64[le]), an unauthenticated attacker able to initiate a connection to a system via Bluetooth could use this flaw to crash the system. Due to the nature of the stack protection feature, code execution cannot be fully ruled out, although we believe it is unlikely. • https://www.exploit-db.com/exploits/42762 https://github.com/hayzamjs/Blueborne-CVE-2017-1000251 https://github.com/own2pwn/blueborne-CVE-2017-1000251-POC https://github.com/sgxgsx/blueborne-CVE-2017-1000251 https://github.com/tlatkdgus1/blueborne-CVE-2017-1000251 http://nvidia.custhelp.com/app/answers/detail/a_id/4561 http://www.debian.org/security/2017/dsa-3981 http://www.securityfocus.com/bid/100809 http://www.securitytracker.com/id/1039373 https://access.redhat.com/errata& • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 11EXPL: 0CVE-2017-5120 – chromium-browser: potential https downgrade during redirect navigation
https://notcve.org/view.php?id=CVE-2017-5120
Inappropriate use of www mismatch redirects in browser navigation in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, allowed a remote attacker to potentially downgrade HTTPS requests to HTTP via a crafted HTML page. In other words, Chrome could transmit cleartext even though the user had entered an https URL, because of a misdesigned workaround for cases where the domain name in a URL almost matches the domain name in an X.509 server certificate (but differs in the initial "www." substring). El uso incorrecto de redirecciones no coincidentes de www en la navegación por el explorador en Google Chrome, en versiones anteriores a la 61.0.3163.79 para Mac, Windows y Linux y a la 61.0.3163.81 para Android, permitía que un atacante remoto degradase las peticiones HTTPS a HTTP mediante una página HTML manipulada. En otras palabras, Chrome podría transmitir texto en claro incluso aunque el usuario hubiese introducido una URL https. Esto se debe a un método alternativo mal diseñado para los casos en los que el nombre de dominio en una URL casi coincide con el nombre de dominio en un certificado del servidor X.509 (pero difiere en la subcadena "www." inicial). • http://www.debian.org/security/2017/dsa-3985 http://www.securityfocus.com/bid/100610 http://www.securitytracker.com/id/1039291 https://access.redhat.com/errata/RHSA-2017:2676 https://chromereleases.googleblog.com/2017/09/stable-channel-update-for-desktop.html https://crbug.com/718676 https://security.gentoo.org/glsa/201709-15 https://access.redhat.com/security/cve/CVE-2017-5120 https://bugzilla.redhat.com/show_bug.cgi?id=1488782 •
CVSS: 8.8EPSS: 1%CPEs: 11EXPL: 0CVE-2017-5114 – chromium-browser: memory lifecycle issue in pdfium
https://notcve.org/view.php?id=CVE-2017-5114
Inappropriate use of partition alloc in PDFium in Google Chrome prior to 61.0.3163.79 for Linux, Windows, and Mac, and 61.0.3163.81 for Android, allowed a remote attacker to potentially exploit memory corruption via a crafted PDF file. El uso incorrecto de asignaciones de particiones en PDFium en Google Chrome, en versiones anteriores a la 61.0.3163.79 para Linux, Windows y Mac y a la 61.0.3163.81 para Android, permitía que un atacante remoto pudiese explotar una corrupción de memoria mediante un archivo PDF manipulado. • http://www.debian.org/security/2017/dsa-3985 http://www.securityfocus.com/bid/100610 http://www.securitytracker.com/id/1039291 https://access.redhat.com/errata/RHSA-2017:2676 https://chromereleases.googleblog.com/2017/09/stable-channel-update-for-desktop.html https://crbug.com/752829 https://security.gentoo.org/glsa/201709-15 https://access.redhat.com/security/cve/CVE-2017-5114 https://bugzilla.redhat.com/show_bug.cgi?id=1488775 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •