Page 29 of 185 results (0.006 seconds)

CVSS: 5.0EPSS: 1%CPEs: 15EXPL: 1

CVE-2015-7214 – Mozilla: Cross-site reading attack through data: and view-source: URIs (MFSA 2015-149)

https://notcve.org/view.php?id=CVE-2015-7214

Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allow remote attackers to bypass the Same Origin Policy via data: and view-source: URIs. Mozilla Firefox en versiones anteriores a 43.0 y Firefox ESR 38.x en versiones anteriores a 38.5 permite a atacantes remotos eludir la Same Origin Policy a través de data: y view-source: URIs. • https://github.com/llamakko/CVE-2015-7214 http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174083.html http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174253.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00021.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00023.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00038.html http&# • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.4EPSS: 0%CPEs: 6EXPL: 1

CVE-2015-8370 – grub2: buffer overflow when checking password entered during bootup

https://notcve.org/view.php?id=CVE-2015-8370

Multiple integer underflows in Grub2 1.98 through 2.02 allow physically proximate attackers to bypass authentication, obtain sensitive information, or cause a denial of service (disk corruption) via backspace characters in the (1) grub_username_get function in grub-core/normal/auth.c or the (2) grub_password_get function in lib/crypto.c, which trigger an "Off-by-two" or "Out of bounds overwrite" memory error. Múltiple desbordamiento inferior de entero en Grub2 1.98 hasta la versión 2.02 permite a atacantes físicamente próximos eludir la autenticación, obtener información sensible o causar una denegación de servicio (corrupción de disco) a través del carácter backspace en la función (1) grub_username_get en grub-core/normal/auth.c o (2) grub_password_get en lib/crypto.c, lo que desencadena un error de memoria 'Off-by-two' o 'Out of bounds overwrite'. A flaw was found in the way grub2 handled backspace characters entered in username and password prompts. An attacker with access to the system console could use this flaw to bypass grub2 password protection and gain administrative access to the system. • http://hmarco.org/bugs/CVE-2015-8370-Grub2-authentication-bypass.html http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173703.html http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174049.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00037.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00039.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00040.html http://lists.opensuse.org/opensuse-security-announce/2 • CWE-191: Integer Underflow (Wrap or Wraparound) CWE-264: Permissions, Privileges, and Access Controls CWE-787: Out-of-bounds Write •

CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 0

CVE-2015-7496 – gdm: Crash when holding Escape in log screen

https://notcve.org/view.php?id=CVE-2015-7496

GNOME Display Manager (gdm) before 3.18.2 allows physically proximate attackers to bypass the lock screen by holding the Escape key. GNOME Display Manager (gdm) en versiones anteriores a 3.18.2 permite a atacantes físicamente próximos eludir la pantalla de bloqueo manteniendo pulsada la tecla Escape. It was found that gdm could crash due to a signal handler dispatched to an invalid conversation. An attacker could crash gdm by holding the escape key when the screen is locked, possibly bypassing the locked screen. • http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172328.html http://www.openwall.com/lists/oss-security/2015/11/17/10 http://www.openwall.com/lists/oss-security/2015/11/17/8 https://access.redhat.com/errata/RHSA-2017:2128 https://bugzilla.gnome.org/show_bug.cgi?id=758032 https://download.gnome.org/sources/gdm/3.18/gdm-3.18.2.news https://access.redhat.com/security/cve/CVE-2015-7496 https://bugzilla.redhat.com/show_bug.cgi?id=1283279 • CWE-264: Permissions, Privileges, and Access Controls CWE-364: Signal Handler Race Condition •

CVSS: 7.5EPSS: 2%CPEs: 62EXPL: 0

CVE-2015-8126 – libpng: Buffer overflow vulnerabilities in png_get_PLTE/png_set_PLTE functions

https://notcve.org/view.php?id=CVE-2015-8126

Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image. Múltiples desbordamientos de buffer en las funciones (1) png_set_PLTE y (2) png_get_PLTE en libpng en versiones anteriores a 1.0.64, 1.1.x y 1.2.x en versiones anteriores a 1.2.54, 1.3.x y 1.4.x en versiones anteriores a 1.4.17, 1.5.x en versiones anteriores a 1.5.24 y 1.6.x en versiones anteriores a 1.6.19 permiten a atacantes remotos provocar una denegación de servicio (caída de aplicación) o posiblemente tener otro impacto no especificado a través de un valor bit-depth pequeño en un fragmento IHDR (también conocido como image header) en una imagen PNG. It was discovered that the png_get_PLTE() and png_set_PLTE() functions of libpng did not correctly calculate the maximum palette sizes for bit depths of less than 8. In case an application tried to use these functions in combination with properly calculated palette sizes, this could lead to a buffer overflow or out-of-bounds reads. An attacker could exploit this to cause a crash or potentially execute arbitrary code by tricking an unsuspecting user into processing a specially crafted PNG image. • http://googlechromereleases.blogspot.com/2016/03/stable-channel-update.html http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172324.html http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172620.html http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172647.html http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172663.html http://lists.fedoraproject.org/pipermail • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVSS: 6.8EPSS: 0%CPEs: 10EXPL: 0

CVE-2015-5291

https://notcve.org/view.php?id=CVE-2015-5291

Heap-based buffer overflow in PolarSSL 1.x before 1.2.17 and ARM mbed TLS (formerly PolarSSL) 1.3.x before 1.3.14 and 2.x before 2.1.2 allows remote SSL servers to cause a denial of service (client crash) and possibly execute arbitrary code via a long hostname to the server name indication (SNI) extension, which is not properly handled when creating a ClientHello message. NOTE: this identifier has been SPLIT per ADT3 due to different affected version ranges. See CVE-2015-8036 for the session ticket issue that was introduced in 1.3.0. Vulnerabilidad de desbordamiento de buffer basado en memoria en PolarSSL 1.x en versiones anteriores a 1.2.17 y ARM mbed TLS (anteriormente PolarSSL) 1.3.x en versiones anteriores a 1.3.14 y 2.x en versiones anteriores a 2.1.2 permite a servidores remotos SSL provocar una denegación de servicio (caída de cliente) y posiblemente ejecutar código arbitrario a través de una extensión larga de hostname para el indicador del nombre del servidor (SNI), el cual no es manejado correctamente cuando se crea un mensaje ClientHello. NOTA: este identificador ha sido SEPARADO por ADT3 debido a los diferentes intervalos de versión afectados. • http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170317.html http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169625.html http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169765.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00013.html http://lists.opensuse.org/opensuse-updates/2015-12/msg00119.html http://www.debian.org/security/2016/dsa-3468 https://guidovranken.files.wordpress.com/2015/10/cve-2015-5291.pdf https:&# • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •