Page 118 of 1430 results (0.016 seconds)

CVSS: 7.7EPSS: 0%CPEs: 19EXPL: 0

CVE-2015-8567

https://notcve.org/view.php?id=CVE-2015-8567

Memory leak in net/vmxnet3.c in QEMU allows remote attackers to cause a denial of service (memory consumption). La pérdida de memoria en net/vmxnet3.c en QEMU permite a atacantes remotos provocar una denegación de servicio (consumo de memoria). • http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176503.html http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176558.html http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175967.html http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176300.html http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00012.html http://lists.opensuse.org/opensuse-secu • CWE-401: Missing Release of Memory after Effective Lifetime •

CVSS: 4.7EPSS: 0%CPEs: 12EXPL: 0

CVE-2016-1947

https://notcve.org/view.php?id=CVE-2016-1947

Mozilla Firefox 43.x mishandles attempts to connect to the Application Reputation service, which makes it easier for remote attackers to trigger an unintended download by leveraging the absence of reputation data. Mozilla Firefox 43.x no maneja adecuadamente los intentos de conexión al servicio Application Reputation, lo que hace que sea más fácil para atacantes remotos desencadenar una descarga involuntaria , aprovechando la ausencia de datos de reputación. • http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00002.html http://www.mozilla.org/security/announce/2016/mfsa2016-11.html http://www.securityfocus.com/bid/81949 http://www.securitytracker.com/id/1034825 http://www.ubuntu.com/usn/USN-2880-1 http://www.ubuntu.com/usn/USN-2880-2 https://bugzilla.mozilla.org/show_bug.cgi?id=1237103 https://security.gentoo.org/glsa/201605-06 • CWE-19: Data Processing Errors •

CVSS: 7.3EPSS: 1%CPEs: 6EXPL: 0

CVE-2016-0755

https://notcve.org/view.php?id=CVE-2016-0755

The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015. La función ConnectionExists en lib/url.c en libcurl en versiones anteriores a 7.47.0 no reutiliza correctamente las conexiones proxy autenticadas por NTML, lo que podría permitir a atacantes remotos autenticarse como otros usuarios a través de una petición, un problema similar a CVE-2014-0015. • http://curl.haxx.se/docs/adv_20160127A.html http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176546.html http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177342.html http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177383.html http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176413.html http://lists.opensuse.org/opensuse-updates/2016-02/msg00031.html • CWE-287: Improper Authentication •

CVSS: 6.5EPSS: 0%CPEs: 81EXPL: 0

CVE-2015-7973

https://notcve.org/view.php?id=CVE-2015-7973

NTP before 4.2.8p6 and 4.3.x before 4.3.90, when configured in broadcast mode, allows man-in-the-middle attackers to conduct replay attacks by sniffing the network. NTP en versiones anteriores a 4.2.8p6 y 4.3.x en versiones anteriores a 4.3.90, cuando está configurado en modo de difusión, permite a atacantes man-in-the-middle realizar ataques de repetición rastreando la red. • http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html http://lists.opensuse.org/opensuse-security-announce/2016-08 • CWE-254: 7PK - Security Features •

CVSS: 5.9EPSS: 0%CPEs: 16EXPL: 0

CVE-2016-2047 – mysql: ssl-validate-cert incorrect hostname check

https://notcve.org/view.php?id=CVE-2016-2047

The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10; Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier; and Percona Server do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a "/CN=" string in a field in a certificate, as demonstrated by "/OU=/CN=bar.com/CN=foo.com." La función ssl_verify_server_cert en sql-common/client.c en MariaDB en versiones anteriores a 5.5.47, 10.0.x en versiones anteriores a 10.0.23 y 10.1.x en versiones anteriores a 10.1.10; Oracle MySQL 5.5.48 y versiones anteriores, 5.6.29 y versiones anteriores y 5.7.11 y versiones anteriores; y Percona Server no verifica correctamente que el nombre de host del servidor coincide con un nombre de dominio en el Common Name (CN) del asunto o en el campo subjectAltName del certificado X.509, lo que permite a atacantes man-in-the-middlesuplantar servidores SSL a través de una cadena "/CN=" en un campo en un certificado, según lo demostrado por "/OU=/CN=bar.com/CN=foo.com". It was found that the MariaDB client library did not properly check host names against server identities noted in the X.509 certificates when establishing secure connections using TLS/SSL. A man-in-the-middle attacker could possibly use this flaw to impersonate a server to a client. • http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00035.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00053.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html http://rhn.redhat.com/errata/RHSA-2016-0534.html http:&# • CWE-254: 7PK - Security Features CWE-295: Improper Certificate Validation •