Page 104 of 580 results (0.015 seconds)

CVSS: 5.5EPSS: 0%CPEs: 84EXPL: 2

FFmpeg 2.x allows remote attackers to conduct cross-origin attacks and read arbitrary files by using the concat protocol in an HTTP Live Streaming (HLS) M3U8 file, leading to an external HTTP request in which the URL string contains the first line of a local file. FFmpeg 2.x permite a atacantes remotos llevar a cabo ataques de origen cruzado y leer archivos arbitrarios usando el protocolo concat en un archivo HTTP Live Streaming (HLS) M3U8, dando lugar a una petición HTTP externa en la que la cadena URL contiene la primera línea de un archivo local. • http://habrahabr.ru/company/mailru/blog/274855 http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00034.html http://security.stackexchange.com/questions/110644 http://www.debian.org/security/2016/dsa-3506 http://www.openwall.com/lists/oss-security/2016/01/14/1 http://www.securityfocus.com/bid/80501 http://www.securitytracker.com/id/1034932 http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.529036 http://www.ubuntu.com/usn • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 1

The verify function in the RSA package for Python (Python-RSA) before 3.3 allows attackers to spoof signatures with a small public exponent via crafted signature padding, aka a BERserk attack. La función de verificación en el paquete RSA para Phython (Python-RSA) en versiones anteriores a 3.3 permite a atacantes falsificar firmas con un exponente público pequeño a través de un relleno de firma manipulado, también conocido como un ataque BERserk. • http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175897.html http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175942.html http://lists.opensuse.org/opensuse-updates/2016-01/msg00032.html http://www.openwall.com/lists/oss-security/2016/01/05/1 http://www.openwall.com/lists/oss-security/2016/01/05/3 http://www.securityfocus.com/bid/79829 https://bitbucket.org/sybren/python-rsa/pull-requests/14/security-fix-bb06-attack-in-verify-by/diff https: • CWE-20: Improper Input Validation •

CVSS: 7.5EPSS: 2%CPEs: 4EXPL: 0

The CoreUserInputHandler::doMode function in core/coreuserinputhandler.cpp in Quassel 0.10.0 allows remote attackers to cause a denial of service (application crash) via the "/op *" command in a query. La función CoreUserInputHandler::doMode en core/coreuserinputhandler.cpp en Quassel 0.10.0 permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) a través del comando "/op *" en una consulta. • http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174938.html http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174976.html http://lists.opensuse.org/opensuse-updates/2015-12/msg00099.html http://www.openwall.com/lists/oss-security/2015/12/12/1 http://www.openwall.com/lists/oss-security/2015/12/13/1 https://github.com/quassel/quassel/commit/b8edbda019eeb99da8663193e224efc9d1265dc7 https://github.com/quassel/quassel/pull/153 • CWE-17: DEPRECATED: Code •

CVSS: 3.3EPSS: 0%CPEs: 4EXPL: 0

Gummi 0.6.5 allows local users to write to arbitrary files via a symlink attack on a temporary dot file that uses the name of an existing file and a (1) .aux, (2) .log, (3) .out, (4) .pdf, or (5) .toc extension for the file name, as demonstrated by .thesis.tex.aux. Gummi 0.6.5 permite a usuarios locales escribir en archivos arbitrarios a través de un ataque de enlace simbólico en un archivo temporal dot que usa el nombre de un archivo existente y la extensión (1) .aux, (2) .log, (3) .out, (4) .pdf o (5) .toc para el nombre de archivo, según lo demostrado por .thesis.tex.aux. • http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178582.html http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178642.html http://lists.opensuse.org/opensuse-updates/2015-12/msg00117.html http://lists.opensuse.org/opensuse-updates/2016-02/msg00150.html http://www.openwall.com/lists/oss-security/2015/10/08/4 http://www.openwall.com/lists/oss-security/2015/10/08/5 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=756432 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVSS: 5.9EPSS: 0%CPEs: 19EXPL: 0

Mozilla Network Security Services (NSS) before 3.20.2, as used in Mozilla Firefox before 43.0.2 and Firefox ESR 38.x before 38.5.2, does not reject MD5 signatures in Server Key Exchange messages in TLS 1.2 Handshake Protocol traffic, which makes it easier for man-in-the-middle attackers to spoof servers by triggering a collision. Mozilla Network Security Services (NSS) en versiones anteriores a 3.20.2, tal como se utiliza en Mozilla Firefox en versiones anteriores a 43.0.2 y Firefox ESR 38.x en versiones anteriores a 38.5.2, no rechaza las firmas MD5 en mensajes Server Key Exchange en el tráfico de TLS 1.2 Handshake Protocol, lo que facilita a atacantes man-in-the-middle falsificar servidores desencadenando una colisión. A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker able to force a TLS connection to use the MD5 hash function could use this flaw to conduct collision attacks to impersonate a TLS server or an authenticated TLS client. • http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00038.html http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00041.html http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00042.html http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00043.html http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00044.html http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00045.html http://lists.opensuse.org/opensuse-security-announce/2016-01 • CWE-19: Data Processing Errors •