CVSS: 9.8EPSS: 11%CPEs: 22EXPL: 1CVE-2017-7785 – Mozilla: Buffer overflow manipulating ARIA elements in DOM (MFSA 2017-19)
https://notcve.org/view.php?id=CVE-2017-7785
10 Aug 2017 — A buffer overflow can occur when manipulating Accessible Rich Internet Applications (ARIA) attributes within the DOM. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. Puede ocurrir un desbordamiento de búfer al manipular atributos ARIA (Accessible Rich Internet Applications) en el DOM. Esto resulta en un cierre inesperado potencialmente explotable. • http://www.securityfocus.com/bid/100206 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 12%CPEs: 23EXPL: 1CVE-2017-7786 – Mozilla: Buffer overflow while painting non-displayable SVG (MFSA 2017-19)
https://notcve.org/view.php?id=CVE-2017-7786
10 Aug 2017 — A buffer overflow can occur when the image renderer attempts to paint non-displayable SVG elements. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. Puede ocurrir un desbordamiento de búfer cuando el renderizador de imagen intenta pintar elementos SVG no mostrables. Esto resulta en un cierre inesperado potencialmente explotable. • http://www.securityfocus.com/bid/100206 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 1%CPEs: 22EXPL: 1CVE-2017-7787 – Mozilla: Same-origin policy bypass with iframes through page reloads (MFSA 2017-19)
https://notcve.org/view.php?id=CVE-2017-7787
10 Aug 2017 — Same-origin policy protections can be bypassed on pages with embedded iframes during page reloads, allowing the iframes to access content on the top level page, leading to information disclosure. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. Las protecciones de política del mismo origen se pueden omitir en páginas con iframes embebidos durante la recarga de páginas, lo que permite que los iframes accedan a contenido en la página de nivel más alto, lo que conduce a una ... • http://www.securityfocus.com/bid/100234 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-863: Incorrect Authorization •
CVSS: 5.3EPSS: 1%CPEs: 22EXPL: 1CVE-2017-7791 – Mozilla: Spoofing following page navigation with data: protocol and modal alerts (MFSA 2017-19)
https://notcve.org/view.php?id=CVE-2017-7791
10 Aug 2017 — On pages containing an iframe, the "data:" protocol can be used to create a modal alert that will render over arbitrary domains following page navigation, spoofing of the origin of the modal alert from the iframe content. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. En las páginas que contienen un iframe, el protocolo "data:" se puede emplear para crear una alerta modal que se representará sobre dominios arbitrarios siguiendo la navegación, suplantando el origen de la... • http://www.securityfocus.com/bid/100240 • CWE-20: Improper Input Validation CWE-829: Inclusion of Functionality from Untrusted Control Sphere •
CVSS: 9.8EPSS: 10%CPEs: 22EXPL: 1CVE-2017-7792 – Mozilla: Buffer overflow viewing certificates with long OID (MFSA 2017-19)
https://notcve.org/view.php?id=CVE-2017-7792
10 Aug 2017 — A buffer overflow will occur when viewing a certificate in the certificate manager if the certificate has an extremely long object identifier (OID). This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. Ocurrirá un desbordamiento de búfer al ver un certificado en el gestor de certificados si el certificado tiene un OID (Object Identifier) o identificador de objeto demasiado largo. Esto resulta en un cierre inesperado potencialme... • http://www.securityfocus.com/bid/100206 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 26EXPL: 0CVE-2017-1000111 – kernel: Heap out-of-bounds read in AF_PACKET sockets
https://notcve.org/view.php?id=CVE-2017-1000111
10 Aug 2017 — Linux kernel: heap out-of-bounds in AF_PACKET sockets. This new issue is analogous to previously disclosed CVE-2016-8655. In both cases, a socket option that changes socket state may race with safety checks in packet_set_ring. Previously with PACKET_VERSION. This time with PACKET_RESERVE. • http://www.debian.org/security/2017/dsa-3981 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 78%CPEs: 52EXPL: 7CVE-2017-7525 – jackson-databind: Deserialization vulnerability via readValue method of ObjectMapper
https://notcve.org/view.php?id=CVE-2017-7525
31 Jul 2017 — A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. Se ha descubierto un error de deserialización en jackson-databind, en versiones anteriores a la 2.6.7.1, 2.7.9.1 y a la 2.8.9, que podría permitir que un usuario no autenticado ejecute código enviando las entradas maliciosamente manipuladas al método ... • https://packetstorm.news/files/id/145805 • CWE-20: Improper Input Validation CWE-184: Incomplete List of Disallowed Inputs CWE-502: Deserialization of Untrusted Data •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2015-4035
https://notcve.org/view.php?id=CVE-2015-4035
25 Jul 2017 — scripts/xzgrep.in in xzgrep 5.2.x before 5.2.0, before 5.0.0 does not properly process file names containing semicolons, which allows remote attackers to execute arbitrary code by having a user run xzgrep on a crafted file name. El archivo scripts/xzgrep.in en xzgrep en versión 5.2.x anterior a la 5.0.0, hay una vulnerabilidad que no procesa de manera apropiada los nombres de los archivos que contienen punto y coma, lo que permite a los atacantes remotos ejecutar código arbitrario haciendo que un usuario ej... • http://seclists.org/oss-sec/2015/q2/484 • CWE-20: Improper Input Validation •
CVSS: 4.7EPSS: 0%CPEs: 4EXPL: 0CVE-2016-4984
https://notcve.org/view.php?id=CVE-2016-4984
14 Jul 2017 — /usr/libexec/openldap/generate-server-cert.sh in openldap-servers sets weak permissions for the TLS certificate, which allows local users to obtain the TLS certificate by leveraging a race condition between the creation of the certificate, and the chmod to protect it. La biblioteca /usr/libexec/openldap/generate-server-cert.sh en openldap-servers se establece permisos débiles para el certificado TLS, que permite a los usuarios locales obtener el certificado TLS mediante el aprovechamiento de una condición d... • https://bugzilla.redhat.com/show_bug.cgi?id=1346120 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.8EPSS: 6%CPEs: 52EXPL: 7CVE-2017-1000366 – Linux Kernel (Debian 9/10 / Ubuntu 14.04.5/16.04.2/17.04 / Fedora 23/24/25) - 'ldso_dynamic Stack Clash' Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2017-1000366
19 Jun 2017 — glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made to glibc to prevent manipulation of stack and heap memory but these issues are not directly exploitable, as such they have not been given a CVE. This affects glibc 2.25 and earlier. Glibc contiene una vulnerabilidad que permite que los valores LD_LIBRARY_PATH esp... • https://packetstorm.news/files/id/154361 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •