Page 124 of 1430 results (0.012 seconds)

CVSS: 5.5EPSS: 0%CPEs: 84EXPL: 2

CVE-2016-1897

https://notcve.org/view.php?id=CVE-2016-1897

FFmpeg 2.x allows remote attackers to conduct cross-origin attacks and read arbitrary files by using the concat protocol in an HTTP Live Streaming (HLS) M3U8 file, leading to an external HTTP request in which the URL string contains the first line of a local file. FFmpeg 2.x permite a atacantes remotos llevar a cabo ataques de origen cruzado y leer archivos arbitrarios usando el protocolo concat en un archivo HTTP Live Streaming (HLS) M3U8, dando lugar a una petición HTTP externa en la que la cadena URL contiene la primera línea de un archivo local. • http://habrahabr.ru/company/mailru/blog/274855 http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00034.html http://security.stackexchange.com/questions/110644 http://www.debian.org/security/2016/dsa-3506 http://www.openwall.com/lists/oss-security/2016/01/14/1 http://www.securityfocus.com/bid/80501 http://www.securitytracker.com/id/1034932 http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.529036 http://www.ubuntu.com/usn • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 6.5EPSS: 5%CPEs: 93EXPL: 0

CVE-2015-8605

https://notcve.org/view.php?id=CVE-2015-8605

ISC DHCP 4.x before 4.1-ESV-R12-P1, 4.2.x, and 4.3.x before 4.3.3-P1 allows remote attackers to cause a denial of service (application crash) via an invalid length field in a UDP IPv4 packet. ISC DHCP 4.x en versiones anteriores a 4.1-ESV-R12-P1, 4.2.x y 4.3.x en versiones anteriores a 4.3.3-P1 permite a atacantes remotos provocar una denegación de servicio (caída de la aplicación) a través de una longitud de campo no válida en un paquete UDP IPv4. • http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175594.html http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176031.html http://lists.opensuse.org/opensuse-updates/2016-02/msg00162.html http://lists.opensuse.org/opensuse-updates/2016-02/msg00168.html http://www.debian.org/security/2016/dsa-3442 http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html http://www.securityfocus.com/bid/80703 http://www.securitytracker.com/id/1034657 http&# • CWE-20: Improper Input Validation •

CVSS: 5.9EPSS: 0%CPEs: 5EXPL: 0

CVE-2011-4600

https://notcve.org/view.php?id=CVE-2011-4600

The networkReloadIptablesRules function in network/bridge_driver.c in libvirt before 0.9.9 does not properly handle firewall rules on bridge networks when libvirtd is restarted, which might allow remote attackers to bypass intended access restrictions via a (1) DNS or (2) DHCP query. La función networkReloadIptablesRules en network/bridge_driver.c en libvirt en versiones anteriores a 0.9.9 no maneja correctamente las reglas del firewall en redes puente cuando se reinicia libvirtd, lo que podría permitir a atacantes remotos eludir las restricciones de acceso previstas a través de una consulta (1) DNS o (2) DHCP. • http://libvirt.org/git/?p=libvirt.git%3Ba=commitdiff%3Bh=ae1232b298323dd7bef909426e2ebafa6bca9157 http://libvirt.org/news-2012.html http://www.ubuntu.com/usn/USN-2867-1 https://bugzilla.redhat.com/show_bug.cgi?id=760442 • CWE-284: Improper Access Control •

CVSS: 6.5EPSS: 0%CPEs: 10EXPL: 0

CVE-2015-5247

https://notcve.org/view.php?id=CVE-2015-5247

The virStorageVolCreateXML API in libvirt 1.2.14 through 1.2.19 allows remote authenticated users with a read-write connection to cause a denial of service (libvirtd crash) by triggering a failed unlink after creating a volume on a root_squash NFS pool. La API virStorageVolCreateXML en libvirt 1.2.14 hasta la versión 1.2.19 permite a usuarios remotos autenticados con una conexión de lectura-escritura causar una denegación de servicio (caída de libvirtd) desencadenando una desvinculación fallida después de crear un volumen en un pool NFS root_squash. • http://security.libvirt.org/2015/0003.html http://www.ubuntu.com/usn/USN-2867-1 • CWE-284: Improper Access Control •

CVSS: 9.3EPSS: 1%CPEs: 14EXPL: 0

CVE-2015-8557

https://notcve.org/view.php?id=CVE-2015-8557

The FontManager._get_nix_font_path function in formatters/img.py in Pygments 1.2.2 through 2.0.2 allows remote attackers to execute arbitrary commands via shell metacharacters in a font name. La función FontManager._get_nix_font_path en formatters/img.py en Pygments 1.2.2 hasta la versión 2.0.2 permite a atacantes remotos ejecutar comandos arbitrarios a través de metacaracteres de shell en un nombre de fuente. • http://packetstormsecurity.com/files/133823/Pygments-FontManager._get_nix_font_path-Shell-Injection.html http://seclists.org/fulldisclosure/2015/Oct/4 http://www.debian.org/security/2016/dsa-3445 http://www.openwall.com/lists/oss-security/2015/12/14/17 http://www.openwall.com/lists/oss-security/2015/12/14/6 http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html http://www.ubuntu.com/usn/USN-2862-1 https://bitbucket.org/birkenfeld/pygments-main/pull-requ • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •