CVSS: 8.1EPSS: 0%CPEs: 18EXPL: 1CVE-2017-7807 – Mozilla: Domain hijacking through appcache fallback (MFSA 2017-19)
https://notcve.org/view.php?id=CVE-2017-7807
A mechanism that uses AppCache to hijack a URL in a domain using fallback by serving the files from a sub-path on the domain. This has been addressed by requiring fallback files be inside the manifest directory. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. Un mecanismo que utiliza AppCache para secuestrar una URL en un dominio utilizando fallback sirviendo los archivos desde una subruta en el dominio. Esto se ha solucionado al requerir que los archivos fallback estén dentro del directorio manifest. • http://www.securityfocus.com/bid/100242 http://www.securitytracker.com/id/1039124 https://access.redhat.com/errata/RHSA-2017:2456 https://access.redhat.com/errata/RHSA-2017:2534 https://bugzilla.mozilla.org/show_bug.cgi?id=1376459 https://security.gentoo.org/glsa/201803-14 https://www.debian.org/security/2017/dsa-3928 https://www.debian.org/security/2017/dsa-3968 https://www.mozilla.org/security/advisories/mfsa2017-18 https://www.mozilla.org/security/advisories/mfsa2017-19 • CWE-20: Improper Input Validation CWE-829: Inclusion of Functionality from Untrusted Control Sphere •
CVSS: 7.5EPSS: 4%CPEs: 25EXPL: 0CVE-2017-10664 – Qemu: qemu-nbd: server breaks with SIGPIPE upon client abort
https://notcve.org/view.php?id=CVE-2017-10664
qemu-nbd in QEMU (aka Quick Emulator) does not ignore SIGPIPE, which allows remote attackers to cause a denial of service (daemon crash) by disconnecting during a server-to-client reply attempt. qemu-nbd en QEMU (Quick Emulator) no ignora la señal SIGPIPE, lo que permite a atacantes remotos provocar una denegación de servicio desconectando el proceso durante un intento de respuesta de servidor a cliente. Quick Emulator (QEMU) built with the Network Block Device (NBD) Server support is vulnerable to a crash via a SIGPIPE signal. The crash can occur if a client aborts a connection due to any failure during negotiation or read operation. A remote user/process could use this flaw to crash the qemu-nbd server resulting in a Denial of Service (DoS). • http://www.debian.org/security/2017/dsa-3920 http://www.openwall.com/lists/oss-security/2017/06/29/1 http://www.securityfocus.com/bid/99513 https://access.redhat.com/errata/RHSA-2017:2390 https://access.redhat.com/errata/RHSA-2017:2445 https://access.redhat.com/errata/RHSA-2017:3466 https://access.redhat.com/errata/RHSA-2017:3470 https://access.redhat.com/errata/RHSA-2017:3471 https://access.redhat.com/errata/RHSA-2017:3472 https://access.redhat.com/errata/RH • CWE-248: Uncaught Exception •
CVSS: 4.3EPSS: 0%CPEs: 20EXPL: 0CVE-2017-3651 – mysql: Client mysqldump unspecified vulnerability (CPU Jul 2017)
https://notcve.org/view.php?id=CVE-2017-3651
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). • http://rhn.redhat.com/errata/RHSA-2016-2927.html http://rhn.redhat.com/errata/RHSA-2016-2928.html http://www.debian.org/security/2017/dsa-3922 http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html http://www.securityfocus.com/bid/99802 http://www.securitytracker.com/id/1038928 https://access.redhat.com/errata/RHSA-2017:2192 https://access.redhat.com/errata/RHSA-2017:2787 https://access.redhat.com/errata/RHSA-2017:2886 https://access.redhat.com/errat •
CVSS: 8.1EPSS: 0%CPEs: 46EXPL: 0CVE-2017-10078 – OpenJDK: Nashorn incompletely blocking access to Java APIs (Scripting, 8171539)
https://notcve.org/view.php?id=CVE-2017-10078
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Scripting). The supported version that is affected is Java SE: 8u131. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE accessible data as well as unauthorized access to critical data or complete access to all Java SE accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. • http://www.debian.org/security/2017/dsa-3919 http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html http://www.securityfocus.com/bid/99752 http://www.securitytracker.com/id/1038931 https://access.redhat.com/errata/RHSA-2017:1789 https://access.redhat.com/errata/RHSA-2017:1790 https://access.redhat.com/errata/RHSA-2017:2469 https://access.redhat.com/errata/RHSA-2017:3453 https://cert.vde.com/en-us/advisories/vde-2017-002 https://security.gentoo.org/g •
CVSS: 9.6EPSS: 0%CPEs: 44EXPL: 0CVE-2017-10111 – OpenJDK: incorrect range checks in LambdaFormEditor (Libraries, 8184185)
https://notcve.org/view.php?id=CVE-2017-10111
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). The supported version that is affected is Java SE: 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. • http://www.debian.org/security/2017/dsa-3919 http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html http://www.securityfocus.com/bid/99707 http://www.securitytracker.com/id/1038931 https://access.redhat.com/errata/RHSA-2017:1789 https://access.redhat.com/errata/RHSA-2017:1790 https://security.gentoo.org/glsa/201709-22 https://security.netapp.com/advisory/ntap-20170720-0001 https://access.redhat.com/security/cve/CVE-2017-10111 https://bugzilla.redhat.com/sho • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •