CVSS: 10.0EPSS: 1%CPEs: 14EXPL: 0CVE-2017-7779 – Mozilla: Memory safety bugs fixed in Firefox 55 and Firefox ESR 52.3 (MFSA 2017-19)
https://notcve.org/view.php?id=CVE-2017-7779
10 Aug 2017 — Memory safety bugs were reported in Firefox 54, Firefox ESR 52.2, and Thunderbird 52.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. Se han reportado errores de seguridad de memoria en Firefox 54, Firefox ESR 52.2, y Thunderbird 52.2. Algunos de estos errores mostraron evidencias de corrupción de memoria y se entie... • http://www.securityfocus.com/bid/100201 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 82%CPEs: 52EXPL: 7CVE-2017-7525 – jackson-databind: Deserialization vulnerability via readValue method of ObjectMapper
https://notcve.org/view.php?id=CVE-2017-7525
31 Jul 2017 — A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. Se ha descubierto un error de deserialización en jackson-databind, en versiones anteriores a la 2.6.7.1, 2.7.9.1 y a la 2.8.9, que podría permitir que un usuario no autenticado ejecute código enviando las entradas maliciosamente manipuladas al método ... • https://packetstorm.news/files/id/145805 • CWE-20: Improper Input Validation CWE-184: Incomplete List of Disallowed Inputs CWE-502: Deserialization of Untrusted Data •
CVSS: 7.5EPSS: 5%CPEs: 25EXPL: 0CVE-2017-10664 – Qemu: qemu-nbd: server breaks with SIGPIPE upon client abort
https://notcve.org/view.php?id=CVE-2017-10664
26 Jul 2017 — qemu-nbd in QEMU (aka Quick Emulator) does not ignore SIGPIPE, which allows remote attackers to cause a denial of service (daemon crash) by disconnecting during a server-to-client reply attempt. qemu-nbd en QEMU (Quick Emulator) no ignora la señal SIGPIPE, lo que permite a atacantes remotos provocar una denegación de servicio desconectando el proceso durante un intento de respuesta de servidor a cliente. Quick Emulator (QEMU) built with the Network Block Device (NBD) Server support is vulnerable to a crash ... • http://www.debian.org/security/2017/dsa-3920 • CWE-248: Uncaught Exception •
CVSS: 5.3EPSS: 0%CPEs: 16EXPL: 0CVE-2017-3636 – mysql: Client programs unspecified vulnerability (CPU Jul 2017)
https://notcve.org/view.php?id=CVE-2017-3636
20 Jul 2017 — Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.56 and earlier and 5.6.36 and earlier. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a s... • http://www.debian.org/security/2017/dsa-3922 •
CVSS: 7.5EPSS: 0%CPEs: 51EXPL: 0CVE-2017-10067 – OpenJDK: JAR verifier incorrect handling of missing digest (Security, 8169392)
https://notcve.org/view.php?id=CVE-2017-10067
20 Jul 2017 — Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Java SE. • http://www.debian.org/security/2017/dsa-3919 •
CVSS: 8.3EPSS: 0%CPEs: 50EXPL: 0CVE-2017-10074 – OpenJDK: integer overflows in range check loop predicates (Hotspot, 8173770)
https://notcve.org/view.php?id=CVE-2017-10074
20 Jul 2017 — Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may signif... • http://www.debian.org/security/2017/dsa-3919 • CWE-190: Integer Overflow or Wraparound •
CVSS: 9.6EPSS: 0%CPEs: 48EXPL: 0CVE-2017-10087 – OpenJDK: insufficient access control checks in ThreadPoolExecutor (Libraries, 8172204)
https://notcve.org/view.php?id=CVE-2017-10087
20 Jul 2017 — Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may signif... • http://www.debian.org/security/2017/dsa-3919 •
CVSS: 9.6EPSS: 0%CPEs: 51EXPL: 0CVE-2017-10089 – OpenJDK: insufficient access control checks in ServiceRegistry (ImageIO, 8172461)
https://notcve.org/view.php?id=CVE-2017-10089
20 Jul 2017 — Vulnerability in the Java SE component of Oracle Java SE (subcomponent: ImageIO). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can ... • http://www.debian.org/security/2017/dsa-3919 •
CVSS: 9.6EPSS: 0%CPEs: 48EXPL: 0CVE-2017-10090 – OpenJDK: insufficient access control checks in AsynchronousChannelGroupImpl (8172465, Libraries)
https://notcve.org/view.php?id=CVE-2017-10090
20 Jul 2017 — Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly... • http://www.debian.org/security/2017/dsa-3919 •
CVSS: 9.6EPSS: 0%CPEs: 49EXPL: 0CVE-2017-10096 – OpenJDK: insufficient access control checks in XML transformations (JAXP, 8172469)
https://notcve.org/view.php?id=CVE-2017-10096
20 Jul 2017 — Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significant... • http://www.debian.org/security/2017/dsa-3919 •