CVSS: 9.1EPSS: 0%CPEs: 4EXPL: 1CVE-2017-11147 – php: Out-of-bounds read in phar_parse_pharfile
https://notcve.org/view.php?id=CVE-2017-11147
In PHP before 5.6.30 and 7.x before 7.0.15, the PHAR archive handler could be used by attackers supplying malicious archive files to crash the PHP interpreter or potentially disclose information due to a buffer over-read in the phar_parse_pharfile function in ext/phar/phar.c. En PHP anterior a versión 5.6.30 y versión 7.x anterior a 7.0.15, el manejador de archivos PHAR podría ser utilizado por archivos maliciosos suministrados por los atacantes para bloquear el intérprete PHP o potencialmente divulgar información debido a una lectura excesiva de búfer en la función phar_parse_pharfile en el archivo ext/phar/phar.c. • http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=e5246580a85f031e1a3b8064edbaa55c1643a451 http://openwall.com/lists/oss-security/2017/07/10/6 http://php.net/ChangeLog-5.php http://php.net/ChangeLog-7.php http://www.securityfocus.com/bid/99607 https://access.redhat.com/errata/RHSA-2018:1296 https://bugs.php.net/bug.php?id=73773 https://security.netapp.com/advisory/ntap-20180112-0001 https://www.tenable.com/security/tns-2017-12 https://access.redhat.com/security/cve • CWE-20: Improper Input Validation CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2016-3400
https://notcve.org/view.php?id=CVE-2016-3400
NetApp Data ONTAP 8.1 and 8.2, when operating in 7-Mode, allows man-in-the-middle attackers to obtain sensitive information, gain privileges, or cause a denial of service via vectors related to the SMB protocol. Data ONTAP versiones 8.1 y 8.2 de NetApp, cuando operan en modo 7, permiten a atacantes de tipo man-in-the-middle obtener información confidencial, alcanzar privilegios o causar una denegación de servicio por medio de vectores relacionados con el protocolo SMB. • http://www-01.ibm.com/support/docview.wss?uid=ssg1S1006063 http://www.securityfocus.com/bid/99101 https://exchange.xforce.ibmcloud.com/vulnerabilities/113589 https://kb.netapp.com/support/s/article/ka51A0000008SXzQAM/smb-vulnerabilities-in-multiple-netapp-products • CWE-254: 7PK - Security Features •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-3997
https://notcve.org/view.php?id=CVE-2016-3997
NetApp Clustered Data ONTAP allows man-in-the-middle attackers to obtain sensitive information, gain privileges, or cause a denial of service by leveraging failure to enable SMB signing enforcement in its default state. NetApp Clustered Data ONTAP permite a los atacantes de man-in-the-middle obtener información confidencial, obtener privilegios o provocar una denegación de servicio al aprovechar el fallo para habilitar la aplicación de firmas SMB en su estado por defecto. • http://www-01.ibm.com/support/docview.wss?uid=ssg1S1006063 https://kb.netapp.com/support/s/article/ka51A0000008SXzQAM/smb-vulnerabilities-in-multiple-netapp-products • CWE-254: 7PK - Security Features •
CVSS: 7.5EPSS: 27%CPEs: 39EXPL: 0CVE-2017-7668 – httpd: ap_find_token() buffer overread
https://notcve.org/view.php?id=CVE-2017-7668
The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows ap_find_token() to search past the end of its input string. By maliciously crafting a sequence of request headers, an attacker may be able to cause a segmentation fault, or to force ap_find_token() to return an incorrect value. Los cambios en el análisis sintáctico estricto de HTTP añadidos en las versiones 2.2.32 y 2.4.24 de Apache httpd introdujeron un error en el análisis de listas de tokens. Esto permite que ap_find_token() busque más allá del final de la cadena de entrada. Un atacante puede conseguir causar un fallo de segmentación o forzar a que ap_find_token() devuelva un valor incorrecto mediante la manipulación de una secuencia de cabeceras de peticiones con fines maliciosos. • http://www.debian.org/security/2017/dsa-3896 http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html http://www.securityfocus.com/bid/99137 http://www.securitytracker.com/id/1038711 https://access.redhat.com/errata/RHSA-2017:2479 https://access.redhat.com/errata/RHSA-2017:2483 https://access.redhat.com/errata/RHSA-2017:3193 https://access.redhat.com/errata/RHSA-2017:3194 https://lists.apache.org/thread.html/55a068b6a5eec0b3198ae7d96a7cb412352d0ffa7716612c5af3745b%40%3Cdev.httpd. • CWE-122: Heap-based Buffer Overflow CWE-125: Out-of-bounds Read CWE-126: Buffer Over-read •
CVSS: 9.8EPSS: 1%CPEs: 35EXPL: 0CVE-2017-3167 – httpd: ap_get_basic_auth_pw() authentication bypass
https://notcve.org/view.php?id=CVE-2017-3167
In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed. En Apache httpd, en versiones 2.2.x anteriores a la 2.2.33 y versiones 2.4.x anteriores a la 2.4.26, el uso de ap_get_basic_auth_pw() por parte de módulos de terceros fuera de la fase de autenticación puede dar lugar a que se omitan requisitos de autenticación.. It was discovered that the use of httpd's ap_get_basic_auth_pw() API function outside of the authentication phase could lead to authentication bypass. A remote attacker could possibly use this flaw to bypass required authentication if the API was used incorrectly by one of the modules used by httpd. • http://www.debian.org/security/2017/dsa-3896 http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html http://www.securityfocus.com/bid/99135 http://www.securitytracker.com/id/1038711 https://access.redhat.com/errata/RHSA-2017:2478 https://access.redhat.com/errata/RHSA-2017:2479 https://access.redhat.com/errata/RHSA-2017:2483 https://access.redhat.com/errata/RHSA-2017:3193 https://access.redhat.com/errata/RHSA-2017:3194 https://access.redhat.com/errata/RHS • CWE-287: Improper Authentication •