Page 2 of 10 results (0.011 seconds)

CVSS: 6.8EPSS: 0%CPEs: 6EXPL: 0

Heap-based buffer overflow in compression-pointer processing in core/ngx_resolver.c in nginx before 1.0.10 allows remote resolvers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a long response. Desbordamiento de búfer basado en memoria dinámica en el procesamiento de compresión puntero en core/ngx_resolver.c en nginx antes de v1.0.10 permite a resolvers remotos causar una denegación de servicio (caída del demonio) o posiblemente tener un impacto no especificado a través de una respuesta larga. • http://lists.fedoraproject.org/pipermail/package-announce/2011-December/070569.html http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00005.html http://openwall.com/lists/oss-security/2011/11/17/10 http://openwall.com/lists/oss-security/2011/11/17/8 http://secunia.com/advisories/47097 http://secunia.com/advisories/48577 http://security.gentoo.org/glsa/glsa-201203-22.xml http://trac.nginx.org/nginx/changeset/4268/nginx http://www.nginx.org/en/CHANGES-1.0 • CWE-787: Out-of-bounds Write •

CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 0

VMware Studio 2.0 does not properly write to temporary files, which allows local users to gain privileges via unspecified vectors. VMware Studio v2.0 no escribe adecuadamente en los archivos temporales, lo cual permite a usuarios locales conseguir privilegios a través de vectores no especificados. • http://lists.vmware.com/pipermail/security-announce/2010/000101.html http://secunia.com/advisories/40507 http://securitytracker.com/id?1024187 http://www.securityfocus.com/archive/1/512311/100/0/threaded http://www.securityfocus.com/bid/41568 http://www.vupen.com/english/advisories/2010/1791 http://www.wmware.com/security/advisories/VMSA-2010-0011.html https://exchange.xforce.ibmcloud.com/vulnerabilities/60351 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 6.0EPSS: 0%CPEs: 1EXPL: 0

Multiple unspecified vulnerabilities in the Virtual Appliance Management Infrastructure (VAMI) in VMware Studio 2.0 allow remote authenticated users to execute arbitrary commands via vectors involving (1) the Studio virtual appliance or (2) a virtual appliance created by the Studio virtual appliance. Múltiples vulnerabilidades no especificadas en el Virtual Appliance Management Infrastructure (VAMI) en VMware Studio v2.0 permite a usuarios remotos autenticados ejecutar comandos a su elección a través de vectores que involucran (1) el virtual appliance Studio o (2) un virtual appliance creado por el virtual appliance Studio. • http://lists.vmware.com/pipermail/security-announce/2010/000101.html http://secunia.com/advisories/40507 http://securitytracker.com/id?1024187 http://www.securityfocus.com/archive/1/512311/100/0/threaded http://www.securityfocus.com/bid/41566 http://www.vupen.com/english/advisories/2010/1791 http://www.wmware.com/security/advisories/VMSA-2010-0011.html https://exchange.xforce.ibmcloud.com/vulnerabilities/60350 •

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0

Directory traversal vulnerability in a support component in the web interface in VMware Studio 2.0 public beta before build 1017-185256 allows remote attackers to upload files to arbitrary locations via unspecified vectors. Vulnerabilidad de salto de directorio en un componente de apoyo en la interfaz web en VMware Studio 2.0 public beta en versiones anteriores a la build 1017-185256 permite a atacantes remotos subir ficheros a ubicaciones de su elección mediante vectores no especificados. • http://lists.vmware.com/pipermail/security-announce/2009/000064.html http://www.securityfocus.com/archive/1/506191/100/0/threaded http://www.securityfocus.com/bid/36199 http://www.vmware.com/security/advisories/VMSA-2009-0011.html http://www.vmware.com/support/developer/studio/studio20/release_notes.html http://www.vupen.com/english/advisories/2009/2501 https://exchange.xforce.ibmcloud.com/vulnerabilities/52976 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 1

Omnis Studio 2.4 uses weak encryption (trivial encoding) for encrypting database fields. • https://www.exploit-db.com/exploits/19967 http://archives.neohapsis.com/archives/bugtraq/2000-05/0311.html http://www.securityfocus.com/bid/1255 •