Page 3 of 12 results (0.006 seconds)

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

Privilege escalation in McAfee Enterprise Security Manager (ESM) 11.x prior to 11.2.0 allows authenticated user to gain access to a core system component via incorrect access control. La escalada de privilegios en McAfee Enterprise Security Manager (ESM) 11.x antes de la 11.2.0 permite al usuario identificado obtener acceso a un componente central del sistema a través del control de acceso incorrecto. • https://kc.mcafee.com/corporate/index?page=content&id=SB10284 •

CVSS: 7.5EPSS: 81%CPEs: 58EXPL: 0

The ntpd client in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service via a number of crafted "KOD" messages. El cliente ntpd en NTP 4.x en versiones anteriores a 4.2.8p4, y 4.3.x en versiones anteriores a 4.3.77 permite que atacantes remotos provoquen una denegación de servicio empleando una serie de mensajes "KOD" manipulados. It was discovered that ntpd as a client did not correctly check timestamps in Kiss-of-Death packets. A remote attacker could use this flaw to send a crafted Kiss-of-Death packet to an ntpd client that would increase the client's polling interval value, and effectively disable synchronization with the server. • http://bugs.ntp.org/show_bug.cgi?id=2901 http://rhn.redhat.com/errata/RHSA-2015-1930.html http://rhn.redhat.com/errata/RHSA-2015-2520.html http://support.ntp.org/bin/view/Main/NtpBug2901 http://support.ntp.org/bin/view/Main/SecurityNotice#October_2015_NTP_4_2_8p4_Securit http://www.debian.org/security/2015/dsa-3388 http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html http://www.securityfocus.com/bid/77280 http://www.securitytracker.com/id/1 • CWE-20: Improper Input Validation •