Page 11 of 190 results (0.008 seconds)

CVSS: 7.5EPSS: 1%CPEs: 6EXPL: 0

osc before 0.151.0 allows remote attackers to execute arbitrary commands via shell metacharacters in a _service file. osc anterior a 0.151.0 permite a atacantes remotos ejecutar comandos arbitrarios a través de metacaracteres de shell en un archivo _service. • http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154257.html http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154267.html http://lists.fedoraproject.org/pipermail/package-announce/2015-March/154117.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00012.html http://www.securityfocus.com/bid/73114 https://bugzilla.suse.com/show_bug.cgi?id=901643 https://security.gentoo.or • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0

The kex_agree_methods function in libssh2 before 1.5.0 allows remote servers to cause a denial of service (crash) or have other unspecified impact via crafted length values in an SSH_MSG_KEXINIT packet. La función kex_agree_methods en libssh2 anterior a 1.5.0 permite a servidores remotos causar una denegación de servicio (caída) o tener otro impacto sin especificar a través de valores de longitud modificados en un paquete SSH_MSG_KEXINIT. A flaw was found in the way the kex_agree_methods() function of libssh2 performed a key exchange when negotiating a new SSH session. A man-in-the-middle attacker could use a crafted SSH_MSG_KEXINIT packet to crash a connecting libssh2 client. • http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151943.html http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152362.html http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153933.html http://www.debian.org/security/2015/dsa-3182 http://www.libssh2.org/adv_20150311.html http://www.mandriva.com/security/advisories?name=MDVSA-2015:148 http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html http://www.securityfocus.com/bid • CWE-20: Improper Input Validation CWE-130: Improper Handling of Length Parameter Inconsistency •

CVSS: 2.1EPSS: 0%CPEs: 38EXPL: 0

The HYPERVISOR_xen_version hypercall in Xen 3.2.x through 4.5.x does not properly initialize data structures, which allows local guest users to obtain sensitive information via unspecified vectors. La hiperllamada HYPERVISOR_xen_version en Xen 3.2.x hasta 4.5.x ni inicializa correctamente las estructuras de datos, lo que permite a usuarios locales invitados obtener información sensible a través de vectores no especificados. • http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152483.html http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152588.html http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152776.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00014.html http://support.citrix.com/article/CTX200484 http://www.debian.org/security/2015/dsa-3181 http://www.securityfocus.com/bid/72955 http://www.securitytracker.com/id/1031806 http://www. • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.2EPSS: 0%CPEs: 38EXPL: 0

The x86 emulator in Xen 3.2.x through 4.5.x does not properly ignore segment overrides for instructions with register operands, which allows local guest users to obtain sensitive information, cause a denial of service (memory corruption), or possibly execute arbitrary code via unspecified vectors. El emulador x86 en Xen 3.2.x hasta 4.5.x no ignora correctamente las anulaciones de segmentos para instrucciones con operandos del registro, lo que permite a usuarios locales invitados obtener información sensible, causar una denegación de servicio (corrupción de memoria), o posiblemente ejecutar código arbitrario a través de vectores no especificados. It was found that the Xen hypervisor x86 CPU emulator implementation did not correctly handle certain instructions with segment overrides, potentially resulting in a memory corruption. A malicious guest user could use this flaw to read arbitrary data relating to other guests, cause a denial of service on the host, or potentially escalate their privileges on the host. • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761 http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152483.html http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152588.html http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152776.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00014.html http://support.citrix.com/article/CTX200484 http://www.debian.org/security/2015/dsa-3181 http://www.oracle.com/technetwork/ • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 5.0EPSS: 0%CPEs: 57EXPL: 0

libraries/select_lang.lib.php in phpMyAdmin 4.0.x before 4.0.10.9, 4.2.x before 4.2.13.2, and 4.3.x before 4.3.11.1 includes invalid language values in unknown-language error responses that contain a CSRF token and may be sent with HTTP compression, which makes it easier for remote attackers to conduct a BREACH attack and determine this token via a series of crafted requests. libraries/select_lang.lib.php en phpMyAdmin 4.0.x anterior a 4.0.10.9, 4.2.x anterior a 4.2.13.2, y 4.3.x anterior a 4.3.11.1 incluye valores de lenguaje inválidos en respuestas de error de lenguaje desconocido que contienen un token CSRF y pueden ser enviadas con la compresión HTTP, lo que facilita a atacantes remotos realizar un ataque BREACH y determinar este token a través de una serie de respuestas manipuladas. • http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151331.html http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151914.html http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151931.html http://lists.opensuse.org/opensuse-updates/2015-07/msg00008.html http://www.debian.org/security/2015/dsa-3382 http://www.mandriva.com/security/advisories?name=MDVSA-2015:186 http://www.phpmyadmin.net/home_page/security/PMASA-2015-1.php http://www.securityfoc • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •