46 results (0.008 seconds)

CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0

A flaw was found in the default configuration of dnsmasq, as shipped with Fedora versions prior to 31 and in all versions Red Hat Enterprise Linux, where it listens on any interface and accepts queries from addresses outside of its local subnet. In particular, the option `local-service` is not enabled. Running dnsmasq in this manner may inadvertently make it an open resolver accessible from any address on the internet. This flaw allows an attacker to conduct a Distributed Denial of Service (DDoS) against other systems. Se encontró un fallo en la configuración predeterminada de dnsmasq, como es enviado con Fedora versiones anteriores a 31 y en todas las versiones de Red Hat Enterprise Linux, donde escucha en cualquier interfaz y acepta consultas de direcciones fuera de su subred local. • https://bugzilla.redhat.com/show_bug.cgi?id=1851342 • CWE-284: Improper Access Control •

CVSS: 8.8EPSS: 0%CPEs: 11EXPL: 0

Type confusion in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Una confusión de tipo en JavaScript en Google Chrome versiones anteriores a la versión 79.0.3945.79, permitió a un atacante remoto explotar potencialmente una corrupción de la pila por medio de una página HTML especialmente diseñada. • http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html https://access.redhat.com/errata/RHSA-2019:4238 https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html https://crbug.com/1028862 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2Z5M4FPUMDNX2LDPHJKN5ZV5GIS2AKNU https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/m • CWE-787: Out-of-bounds Write CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •

CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0

mysql-gui-tools (mysql-query-browser and mysql-admin) before 5.0r14+openSUSE-2.3 exposes the password of a user connected to the MySQL server in clear text form via the list of running processes. mysql-gui-tools (mysql-query-browser y mysql-admin) versiones anteriores a 5.0r14+openSUSE-2.3 expone la contraseña de un usuario conectado al servidor MySQL en forma de texto sin cifrar por medio de la lista de procesos en ejecución. • http://www.securityfocus.com/bid/97959 https://access.redhat.com/security/cve/cve-2010-4177 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=605542 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4177 https://security-tracker.debian.org/tracker/CVE-2010-4177 https://www.openwall.com/lists/oss-security/2010/11/16/6 • CWE-319: Cleartext Transmission of Sensitive Information •

CVSS: 6.5EPSS: 2%CPEs: 7EXPL: 1

It is possible to cause a DoS condition by causing the server to crash in alien-arena 7.33 by supplying various invalid parameters to the download command. Es posible causar una condición DoS causando que el servidor se bloquee en alien-arena versión 7.33, al proporcionar varios parámetros no válidos al comando de descarga. • https://access.redhat.com/security/cve/cve-2010-3439 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=575621 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-3439 https://security-tracker.debian.org/tracker/CVE-2010-3439 • CWE-20: Improper Input Validation •

CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 0

libpoe-component-irc-perl before v6.32 does not remove carriage returns and line feeds. This can be used to execute arbitrary IRC commands by passing an argument such as "some text\rQUIT" to the 'privmsg' handler, which would cause the client to disconnect from the server. libpoe-component-irc-perl versiones anteriores a v6.32, no elimina los retornos de carro y los avances de línea. Esto puede ser utilizado para ejecutar comandos IRC arbitrarios al pasar un argumento como "some text\rQUIT" hacia el manejador "privmsg", lo que causaría que el cliente se desconecte del servidor. • https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=581194 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-3438 https://security-tracker.debian.org/tracker/CVE-2010-3438 • CWE-134: Use of Externally-Controlled Format String •