Page 143 of 1366 results (0.020 seconds)

CVSS: 10.0EPSS: 0%CPEs: 20EXPL: 0

CVE-2017-5398 – Mozilla: Memory safety bugs fixed in Firefox 52 and Firefox ESR 45.8 (MFSA 2017-06)

https://notcve.org/view.php?id=CVE-2017-5398

Memory safety bugs were reported in Thunderbird 45.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8. Se han reportado errores de seguridad de memoria en Thunderbird 45.7. Algunos de estos errores mostraron evidencias de corrupción de memoria y se entiende que, con el suficiente esfuerzo, algunos de estos podrían explotarse para ejecutar código arbitrario. • http://rhn.redhat.com/errata/RHSA-2017-0459.html http://rhn.redhat.com/errata/RHSA-2017-0461.html http://rhn.redhat.com/errata/RHSA-2017-0498.html http://www.securityfocus.com/bid/96651 http://www.securitytracker.com/id/1037966 https://bugzilla.mozilla.org/buglist.cgi?bug_id=1332550%2C1332597%2C1338383%2C1321612%2C1322971%2C1333568%2C1333887%2C1335450%2C1325052%2C1324379%2C1336510 https://security.gentoo.org/glsa/201705-06 https://security.gentoo.org/glsa/201705-07 https://www.debian.org&#x • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 8.1EPSS: 0%CPEs: 10EXPL: 0

CVE-2017-2590 – ipa: Insufficient permission check for ca-del, ca-disable and ca-enable commands

https://notcve.org/view.php?id=CVE-2017-2590

A vulnerability was found in ipa before 4.4. IdM's ca-del, ca-disable, and ca-enable commands did not properly check the user's permissions while modifying CAs in Dogtag. An authenticated, unauthorized attacker could use this flaw to delete, disable, or enable CAs causing various denial of service problems with certificate issuance, OCSP signing, and deletion of secret keys. Se ha encontrado una vulnerabilidad en ipa en versiones anteriores a la 4.4. Los comandos ca-del, ca-disable, y ca-enable de IdM no comprobaban correctamente los permisos del usuario mientras modificaban las CA en Dogtag. • http://rhn.redhat.com/errata/RHSA-2017-0388.html http://www.securityfocus.com/bid/96557 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2590 https://access.redhat.com/security/cve/CVE-2017-2590 https://bugzilla.redhat.com/show_bug.cgi?id=1413137 • CWE-275: Permission Issues CWE-732: Incorrect Permission Assignment for Critical Resource •

CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 1

CVE-2017-2625 – libXdmcp: weak entropy usage for session keys

https://notcve.org/view.php?id=CVE-2017-2625

It was discovered that libXdmcp before 1.1.2 including used weak entropy to generate session keys. On a multi-user system using xdmcp, a local attacker could potentially use information available from the process list to brute force the key, allowing them to hijack other users' sessions. Se ha descubierto que libXdmcp en versiones anteriores a la 1.1.2 usaba entropía débil para generar claves de sesión. En un sistema multiusuario que utilice xdmcp, un atacante local podría utilizar la información disponible en la lista de procesos para usar un ataque de fuerza bruta en la clave, permitiéndole secuestrar las sesiones de otros usuarios. It was discovered that libXdmcp used weak entropy to generate session keys. • http://www.securityfocus.com/bid/96480 http://www.securitytracker.com/id/1037919 https://access.redhat.com/errata/RHSA-2017:1865 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2625 https://cgit.freedesktop.org/xorg/lib/libXdmcp/commit/?id=0554324ec6bbc2071f5d1f8ad211a1643e29eb1f https://lists.debian.org/debian-lts-announce/2019/11/msg00024.html https://security.gentoo.org/glsa/201704-03 https://www.x41-dsec.de/lab/advisories/x41-2017-001-xorg https://access.redhat.com/security& • CWE-320: Key Management Errors CWE-331: Insufficient Entropy •

CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0

CVE-2017-2626 – libICE: weak entropy usage in session keys

https://notcve.org/view.php?id=CVE-2017-2626

It was discovered that libICE before 1.0.9-8 used a weak entropy to generate keys. A local attacker could potentially use this flaw for session hijacking using the information available from the process list. Se ha descubierto que libICE en versiones anteriores a la 1.0.9-8 usaba una entropía débil para generar claves. Un atacante local podría utilizar este fallo para secuestrar sesiones utilizando la información disponible en la lista de procesos. It was discovered that libICE used a weak entropy to generate keys. • http://www.openwall.com/lists/oss-security/2019/07/14/3 http://www.securityfocus.com/bid/96480 http://www.securitytracker.com/id/1037919 https://access.redhat.com/errata/RHSA-2017:1865 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2626 https://cgit.freedesktop.org/xorg/lib/libICE/commit/?id=ff5e59f32255913bb1cdf51441b98c9107ae165b https://lists.debian.org/debian-lts-announce/2019/11/msg00022.html https://security.gentoo.org/glsa/201704-03 https://www.x41-dsec.de/lab • CWE-331: Insufficient Entropy •

CVSS: 9.9EPSS: 0%CPEs: 32EXPL: 0

CVE-2017-2620 – Qemu: display: cirrus: potential arbitrary code execution via cirrus_bitblt_cputovideo

https://notcve.org/view.php?id=CVE-2017-2620

Quick emulator (QEMU) before 2.8 built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue. The issue could occur while copying VGA data in cirrus_bitblt_cputovideo. A privileged user inside guest could use this flaw to crash the QEMU process OR potentially execute arbitrary code on host with privileges of the QEMU process. Quick emulator (QEMU) en versiones anteriores a la 2.8 construido con el soporte del emulador Cirrus CLGD 54xx VGA Emulator es vulnerable a un problema de acceso fuera de límites. El problema puede ocurrir al copiar datos VGA en cirrus_bitblt_cputovideo. • http://rhn.redhat.com/errata/RHSA-2017-0328.html http://rhn.redhat.com/errata/RHSA-2017-0329.html http://rhn.redhat.com/errata/RHSA-2017-0330.html http://rhn.redhat.com/errata/RHSA-2017-0331.html http://rhn.redhat.com/errata/RHSA-2017-0332.html http://rhn.redhat.com/errata/RHSA-2017-0333.html http://rhn.redhat.com/errata/RHSA-2017-0334.html http://rhn.redhat.com/errata/RHSA-2017-0350.html http://rhn.redhat.com/errata/RHSA-2017-0351.html http://rhn • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •