Page 109 of 580 results (0.007 seconds)

CVSS: 7.5EPSS: 6%CPEs: 15EXPL: 0

Use-after-free vulnerability in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allows remote attackers to execute arbitrary code by triggering attempted use of a data channel that has been closed by a WebRTC function. Vulnerabilidad de uso después de liberación de memoria en Mozilla Firefox en versiones anteriores a 43.0 y Firefox ESR 38.x en versiones anteriores a 38.5 permite a atacantes remotos ejecutar código arbitrario desencadenando el intento de uso de un canal de datos que ha sido cerrado mediante una función WebRTC. • http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174083.html http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174253.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00021.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00023.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00038.html http://lists.opensuse.org/opensuse-security-announce& • CWE-416: Use After Free •

CVSS: 10.0EPSS: 3%CPEs: 6EXPL: 0

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 43.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor del navegador en Mozilla Firefox en versiones anteriores a 43.0 permite a atacantes remotos causar una denegación de servicio (corrupción de memoria y caída de aplicación) o posiblemente ejecutar código arbitrario a través de vectores desconocidos. • http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174083.html http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174253.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00021.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00023.html http://lists.opensuse.org/opensuse-updates/2015-12/msg00104.html http://lists.opensuse.org/opensuse-updates/2016-02/msg000 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 5.0EPSS: 0%CPEs: 20EXPL: 0

Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive process memory information via unspecified vectors. Desbordamiento de buffer basado en memoria dinámica en la función xmlGROW en parser.c en libxml2 en versiones anteriores a 2.9.3 permite a atacantes dependientes del contexto obtener información sensible de la memoria de proceso a través de vectores no especificados. A denial of service flaw was found in libxml2. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to leak potentially sensitive information. • http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html http://marc.info/?l=bugtraq&m=145382616617563&w=2 http://rhn.redhat • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •

CVSS: 7.5EPSS: 82%CPEs: 9EXPL: 1

Integer overflow in the getnum function in lua_struct.c in Redis 2.8.x before 2.8.24 and 3.0.x before 3.0.6 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly bypass intended sandbox restrictions via a large number, which triggers a stack-based buffer overflow. Desbordamiento de entero en la función getnum en lua_struct.c en Redis 2.8.x en versiones anteriores a 2.8.24 y 3.0.x en versiones anteriores a 3.0.6 permite a atacantes dependientes de contexto con permiso para ejecutar código Lua en una sesión Redis provocar una denegación de servicio (corrupción de memoria y caída de la aplicación) o posiblemente eludir restricciones destinadas a la sandbox a través de un número grande, lo que desencadena un desbordamiento de buffer basado en pila. An integer-wraparound flaw leading to a stack-based overflow was found in Redis. A user with access to run Lua code in a Redis session could possibly use this flaw to crash the server (denial of service) or gain code execution outside of the Lua sandbox. • http://lists.opensuse.org/opensuse-updates/2016-05/msg00126.html http://rhn.redhat.com/errata/RHSA-2016-0095.html http://rhn.redhat.com/errata/RHSA-2016-0096.html http://rhn.redhat.com/errata/RHSA-2016-0097.html http://www.debian.org/security/2015/dsa-3412 http://www.openwall.com/lists/oss-security/2015/11/06/2 http://www.openwall.com/lists/oss-security/2015/11/06/4 http://www.securityfocus.com/bid/77507 https://github.com/antirez/redis/issues/2855 https&# • CWE-190: Integer Overflow or Wraparound •

CVSS: 7.5EPSS: 1%CPEs: 43EXPL: 0

Integer overflow in the index_urlfetch function in imap/index.c in Cyrus IMAP 2.3.19, 2.4.18, and 2.5.6 allows remote attackers to have unspecified impact via vectors related to urlfetch range checks and the section_offset variable. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8076. Desbordamiento de entero en la función index_urlfetch en imap/index.c en Cyrus IMAP 2.3.19, 2.4.18 y 2.5.6 permite a atacantes remotos tener un impacto no especificado a través de vectores relacionados con comprobaciones del intervalo urlfetch y la variable section_offset. NOTA: esta vulnerabilidad existe debido a una solución incompleta de la CVE-2015-8076. • http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00066.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00000.html http://lists.opensuse.org/opensuse-updates/2015-11/msg00156.html http://www.openwall.com/lists/oss-security/2015/11/04/3 http://www.securitytracker.com/id/1034282 https://cyrus.foundation/cyrus-imapd/commit/?id=6fb6a272171f49c79ba6ab7c6403eb25b39ec1b2 https://docs.cyrus.foundation/imap/release-notes/2.5/x/2.5.7.html • CWE-189: Numeric Errors •