CVSS: 7.5EPSS: 70%CPEs: 39EXPL: 0CVE-2017-7668 – httpd: ap_find_token() buffer overread
https://notcve.org/view.php?id=CVE-2017-7668
20 Jun 2017 — The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows ap_find_token() to search past the end of its input string. By maliciously crafting a sequence of request headers, an attacker may be able to cause a segmentation fault, or to force ap_find_token() to return an incorrect value. Los cambios en el análisis sintáctico estricto de HTTP añadidos en las versiones 2.2.32 y 2.4.24 de Apache httpd introdujeron un error en el análisis de listas... • http://www.debian.org/security/2017/dsa-3896 • CWE-122: Heap-based Buffer Overflow CWE-125: Out-of-bounds Read CWE-126: Buffer Over-read •
CVSS: 9.8EPSS: 9%CPEs: 35EXPL: 0CVE-2017-3167 – httpd: ap_get_basic_auth_pw() authentication bypass
https://notcve.org/view.php?id=CVE-2017-3167
20 Jun 2017 — In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed. En Apache httpd, en versiones 2.2.x anteriores a la 2.2.33 y versiones 2.4.x anteriores a la 2.4.26, el uso de ap_get_basic_auth_pw() por parte de módulos de terceros fuera de la fase de autenticación puede dar lugar a que se omitan requisitos de autenticación.. It was discovered that the use of httpd... • http://www.debian.org/security/2017/dsa-3896 • CWE-287: Improper Authentication •
CVSS: 7.0EPSS: 0%CPEs: 9EXPL: 0CVE-2017-1000376 – Qualys Security Advisory - the Stack Clash
https://notcve.org/view.php?id=CVE-2017-1000376
19 Jun 2017 — libffi requests an executable stack allowing attackers to more easily trigger arbitrary code execution by overwriting the stack. Please note that libffi is used by a number of other libraries. It was previously stated that this affects libffi version 3.2.1 but this appears to be incorrect. libffi prior to version 3.1 on 32 bit x86 systems was vulnerable, and upstream is believed to have fixed this issue in version 3.1. libffi solicita una pila ejecutable que permite que los atacantes desencadenen con más fa... • http://www.debian.org/security/2017/dsa-3889 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 6%CPEs: 52EXPL: 7CVE-2017-1000366 – Linux Kernel (Debian 9/10 / Ubuntu 14.04.5/16.04.2/17.04 / Fedora 23/24/25) - 'ldso_dynamic Stack Clash' Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2017-1000366
19 Jun 2017 — glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made to glibc to prevent manipulation of stack and heap memory but these issues are not directly exploitable, as such they have not been given a CVE. This affects glibc 2.25 and earlier. Glibc contiene una vulnerabilidad que permite que los valores LD_LIBRARY_PATH esp... • https://packetstorm.news/files/id/154361 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 3%CPEs: 18EXPL: 0CVE-2017-5470 – Mozilla: Memory safety bugs fixed in Firefox 54 and Firefox ESR 52.2 (MFSA 2017-16)
https://notcve.org/view.php?id=CVE-2017-5470
14 Jun 2017 — Memory safety bugs were reported in Firefox 53 and Firefox ESR 52.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2. Se han reportado errores de seguridad de memoria en Firefox 53 y Firefox ESR 52.1. Algunos de estos errores mostraron evidencias de corrupción de memoria y se entiende que, con el suficiente esfuerzo, a... • http://www.securityfocus.com/bid/99041 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 3%CPEs: 18EXPL: 0CVE-2017-5472 – Mozilla: Use-after-free using destroyed node when regenerating trees (MFSA 2017-16)
https://notcve.org/view.php?id=CVE-2017-5472
14 Jun 2017 — A use-after-free vulnerability with the frameloader during tree reconstruction while regenerating CSS layout when attempting to use a node in the tree that no longer exists. This results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2. Vulnerabilidad de uso de memoria previamente liberada en el frameloader durante la reconstrucción de árboles cuando se regenera el diseño CSS al intentar emplear un nodo en el árbol que ya no existe. Esto... • http://www.securityfocus.com/bid/99040 • CWE-416: Use After Free •
CVSS: 9.8EPSS: 3%CPEs: 18EXPL: 0CVE-2017-7749 – Mozilla: Use-after-free during docshell reloading (MFSA 2017-16)
https://notcve.org/view.php?id=CVE-2017-7749
14 Jun 2017 — A use-after-free vulnerability when using an incorrect URL during the reloading of a docshell. This results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2. Vulnerabilidad de uso de memoria previamente liberada al emplear una URL incorrecta durante la recarga de un docshell. Esto resulta en un cierre inesperado potencialmente explotable. • http://www.securityfocus.com/bid/99057 • CWE-416: Use After Free •
CVSS: 9.8EPSS: 3%CPEs: 18EXPL: 1CVE-2017-7750 – Mozilla: Use-after-free with track elements (MFSA 2017-16)
https://notcve.org/view.php?id=CVE-2017-7750
14 Jun 2017 — A use-after-free vulnerability during video control operations when a "
CVSS: 9.8EPSS: 3%CPEs: 18EXPL: 1CVE-2017-7751 – Mozilla: Use-after-free with content viewer listeners (MFSA 2017-16)
https://notcve.org/view.php?id=CVE-2017-7751
14 Jun 2017 — A use-after-free vulnerability with content viewer listeners that results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2. Vulnerabilidad de uso de memoria previamente liberada en los escuchadores del visor de contenido que resulta en un cierre inesperado potencialmente explotable. La vulnerabilidad afecta a Firefox en versiones anteriores a la 54, Firefox ESR en versiones anteriores a la 52.2 y Thunderbird en versiones anteriores a la ... • http://www.securityfocus.com/bid/99057 • CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 18EXPL: 0CVE-2017-7752 – Mozilla: Use-after-free with IME input (MFSA 2017-16)
https://notcve.org/view.php?id=CVE-2017-7752
14 Jun 2017 — A use-after-free vulnerability during specific user interactions with the input method editor (IME) in some languages due to how events are handled. This results in a potentially exploitable crash but would require specific user interaction to trigger. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2. Vulnerabilidad de uso de memoria previamente liberada durante interacciones de usuario específicas con el IME (input method editor) en algunos lenguajes debido a la forma en ... • http://www.securityfocus.com/bid/99057 • CWE-416: Use After Free •