Page 107 of 802 results (0.008 seconds)

CVSS: 9.8EPSS: 0%CPEs: 18EXPL: 0

A use-after-free vulnerability with the frameloader during tree reconstruction while regenerating CSS layout when attempting to use a node in the tree that no longer exists. This results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2. Vulnerabilidad de uso de memoria previamente liberada en el frameloader durante la reconstrucción de árboles cuando se regenera el diseño CSS al intentar emplear un nodo en el árbol que ya no existe. Esto resulta en un cierre inesperado potencialmente explotable. • http://www.securityfocus.com/bid/99040 http://www.securitytracker.com/id/1038689 https://access.redhat.com/errata/RHSA-2017:1440 https://access.redhat.com/errata/RHSA-2017:1561 https://bugzilla.mozilla.org/show_bug.cgi?id=1365602 https://www.debian.org/security/2017/dsa-3881 https://www.debian.org/security/2017/dsa-3918 https://www.mozilla.org/security/advisories/mfsa2017-15 https://www.mozilla.org/security/advisories/mfsa2017-16 https://www.mozilla.org/security/advisories • CWE-416: Use After Free •

CVSS: 9.8EPSS: 0%CPEs: 18EXPL: 1

A use-after-free vulnerability with content viewer listeners that results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2. Vulnerabilidad de uso de memoria previamente liberada en los escuchadores del visor de contenido que resulta en un cierre inesperado potencialmente explotable. La vulnerabilidad afecta a Firefox en versiones anteriores a la 54, Firefox ESR en versiones anteriores a la 52.2 y Thunderbird en versiones anteriores a la 52.2. • http://www.securityfocus.com/bid/99057 http://www.securitytracker.com/id/1038689 https://access.redhat.com/errata/RHSA-2017:1440 https://access.redhat.com/errata/RHSA-2017:1561 https://bugzilla.mozilla.org/show_bug.cgi?id=1363396 https://www.debian.org/security/2017/dsa-3881 https://www.debian.org/security/2017/dsa-3918 https://www.mozilla.org/security/advisories/mfsa2017-15 https://www.mozilla.org/security/advisories/mfsa2017-16 https://www.mozilla.org/security/advisories • CWE-416: Use After Free •

CVSS: 9.0EPSS: 2%CPEs: 18EXPL: 0

In Mercurial before 4.1.3, "hg serve --stdio" allows remote authenticated users to launch the Python debugger, and consequently execute arbitrary code, by using --debugger as a repository name. En Mercurial, en versiones anteriores a la 4.1.3, \"hg serve --stdio\" permite que usuarios autenticados remotos inicien el depurador de Python y, como consecuencia, ejecuten código arbitrario utilizando --debugger como nombre del repositorio. A flaw was found in the way "hg serve --stdio" command in Mercurial handled command-line options. A remote, authenticated attacker could use this flaw to execute arbitrary code on the Mercurial server by using specially crafted command-line options. • http://www.debian.org/security/2017/dsa-3963 http://www.securityfocus.com/bid/99123 https://access.redhat.com/errata/RHSA-2017:1576 https://bugs.debian.org/861243 https://lists.debian.org/debian-lts-announce/2018/07/msg00005.html https://security.gentoo.org/glsa/201709-18 https://www.mercurial-scm.org/repo/hg/rev/77eaf9539499 https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.1.3_.282017-4-18.29 https://access.redhat.com/security/cve/CVE-2017-9462 https: • CWE-284: Improper Access Control CWE-732: Incorrect Permission Assignment for Critical Resource •

CVSS: 6.8EPSS: 0%CPEs: 17EXPL: 2

smbd in Samba before 4.4.10 and 4.5.x before 4.5.6 has a denial of service vulnerability (fd_open_atomic infinite loop with high CPU usage and memory consumption) due to wrongly handling dangling symlinks. smbd en Samba versiones anteriores a 4.4.10 y 4.5.x versiones anteriores a 4.5.6, tienen una vulnerabilidad de denegación de servicio (fd_open_atomic infinite loop con un alto uso de CPU y consumo de memoria) debido a un manejo inadecuado de los enlaces simbólicos colgantes. A flaw was found in the way Samba handled dangling symlinks. An authenticated malicious Samba client could use this flaw to cause the smbd daemon to enter an infinite loop and use an excessive amount of CPU and memory. • http://www.securityfocus.com/bid/99455 https://access.redhat.com/errata/RHSA-2017:1950 https://access.redhat.com/errata/RHSA-2017:2338 https://access.redhat.com/errata/RHSA-2017:2778 https://bugs.debian.org/864291 https://bugzilla.samba.org/show_bug.cgi?id=12572 https://git.samba.org/?p=samba.git%3Ba=commit%3Bh=10c3e3923022485c720f322ca4f0aca5d7501310 https://lists.debian.org/debian-lts-announce/2019/04/msg00013.html https://access.redhat.com/security/cve/CVE-2017-9461 https: • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •

CVSS: 6.5EPSS: 89%CPEs: 16EXPL: 1

servers/slapd/back-mdb/search.c in OpenLDAP through 2.4.44 is prone to a double free vulnerability. A user with access to search the directory can crash slapd by issuing a search including the Paged Results control with a page size of 0. servers/slapd/back-mdb/search.c en OpenLDAP hasta la versión 2.4.44 es propenso a una doble vulnerabilidad de liberación de memoria. Un usuario con acceso para buscar en el directorio puede hacer que slapd deje de funcionar al emitir una búsqueda que incluya el control Paged Results con un tamaño de página de 0. A double-free flaw was found in the way OpenLDAP's slapd server using the MDB backend handled LDAP searches. A remote attacker with access to search the directory could potentially use this flaw to crash slapd by issuing a specially crafted LDAP search query. • http://www.debian.org/security/2017/dsa-3868 http://www.openldap.org/its/?findid=8655 http://www.securityfocus.com/bid/98736 http://www.securitytracker.com/id/1038591 https://access.redhat.com/errata/RHSA-2017:1852 https://bugs.debian.org/863563 https://kc.mcafee.com/corporate/index?page=content&id=SB10365 https://www.oracle.com/security-alerts/cpuapr2022.html https://access.redhat.com/security/cve/CVE-2017-9287 https://bugzilla.redhat.com/show_bug.cgi?id=1456712 • CWE-415: Double Free CWE-416: Use After Free •