Page 35 of 680 results (0.015 seconds)

CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 1

CVE-2016-1494

https://notcve.org/view.php?id=CVE-2016-1494

The verify function in the RSA package for Python (Python-RSA) before 3.3 allows attackers to spoof signatures with a small public exponent via crafted signature padding, aka a BERserk attack. La función de verificación en el paquete RSA para Phython (Python-RSA) en versiones anteriores a 3.3 permite a atacantes falsificar firmas con un exponente público pequeño a través de un relleno de firma manipulado, también conocido como un ataque BERserk. • http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175897.html http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175942.html http://lists.opensuse.org/opensuse-updates/2016-01/msg00032.html http://www.openwall.com/lists/oss-security/2016/01/05/1 http://www.openwall.com/lists/oss-security/2016/01/05/3 http://www.securityfocus.com/bid/79829 https://bitbucket.org/sybren/python-rsa/pull-requests/14/security-fix-bb06-attack-in-verify-by/diff https: • CWE-20: Improper Input Validation •

CVSS: 7.5EPSS: 2%CPEs: 4EXPL: 0

CVE-2015-8547

https://notcve.org/view.php?id=CVE-2015-8547

The CoreUserInputHandler::doMode function in core/coreuserinputhandler.cpp in Quassel 0.10.0 allows remote attackers to cause a denial of service (application crash) via the "/op *" command in a query. La función CoreUserInputHandler::doMode en core/coreuserinputhandler.cpp en Quassel 0.10.0 permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) a través del comando "/op *" en una consulta. • http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174938.html http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174976.html http://lists.opensuse.org/opensuse-updates/2015-12/msg00099.html http://www.openwall.com/lists/oss-security/2015/12/12/1 http://www.openwall.com/lists/oss-security/2015/12/13/1 https://github.com/quassel/quassel/commit/b8edbda019eeb99da8663193e224efc9d1265dc7 https://github.com/quassel/quassel/pull/153 • CWE-17: DEPRECATED: Code •

CVSS: 3.3EPSS: 0%CPEs: 4EXPL: 0

CVE-2015-7758

https://notcve.org/view.php?id=CVE-2015-7758

Gummi 0.6.5 allows local users to write to arbitrary files via a symlink attack on a temporary dot file that uses the name of an existing file and a (1) .aux, (2) .log, (3) .out, (4) .pdf, or (5) .toc extension for the file name, as demonstrated by .thesis.tex.aux. Gummi 0.6.5 permite a usuarios locales escribir en archivos arbitrarios a través de un ataque de enlace simbólico en un archivo temporal dot que usa el nombre de un archivo existente y la extensión (1) .aux, (2) .log, (3) .out, (4) .pdf o (5) .toc para el nombre de archivo, según lo demostrado por .thesis.tex.aux. • http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178582.html http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178642.html http://lists.opensuse.org/opensuse-updates/2015-12/msg00117.html http://lists.opensuse.org/opensuse-updates/2016-02/msg00150.html http://www.openwall.com/lists/oss-security/2015/10/08/4 http://www.openwall.com/lists/oss-security/2015/10/08/5 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=756432 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVSS: 5.9EPSS: 0%CPEs: 19EXPL: 0

CVE-2015-7575 – TLS 1.2 Transcipt Collision attacks against MD5 in key exchange protocol (SLOTH)

https://notcve.org/view.php?id=CVE-2015-7575

Mozilla Network Security Services (NSS) before 3.20.2, as used in Mozilla Firefox before 43.0.2 and Firefox ESR 38.x before 38.5.2, does not reject MD5 signatures in Server Key Exchange messages in TLS 1.2 Handshake Protocol traffic, which makes it easier for man-in-the-middle attackers to spoof servers by triggering a collision. Mozilla Network Security Services (NSS) en versiones anteriores a 3.20.2, tal como se utiliza en Mozilla Firefox en versiones anteriores a 43.0.2 y Firefox ESR 38.x en versiones anteriores a 38.5.2, no rechaza las firmas MD5 en mensajes Server Key Exchange en el tráfico de TLS 1.2 Handshake Protocol, lo que facilita a atacantes man-in-the-middle falsificar servidores desencadenando una colisión. A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker able to force a TLS connection to use the MD5 hash function could use this flaw to conduct collision attacks to impersonate a TLS server or an authenticated TLS client. • http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00038.html http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00041.html http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00042.html http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00043.html http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00044.html http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00045.html http://lists.opensuse.org/opensuse-security-announce/2016-01 • CWE-19: Data Processing Errors •

CVSS: 6.0EPSS: 0%CPEs: 15EXPL: 0

CVE-2015-8551

https://notcve.org/view.php?id=CVE-2015-8551

The PCI backend driver in Xen, when running on an x86 system and using Linux 3.1.x through 4.3.x as the driver domain, allows local guest administrators to hit BUG conditions and cause a denial of service (NULL pointer dereference and host OS crash) by leveraging a system with access to a passed-through MSI or MSI-X capable physical PCI device and a crafted sequence of XEN_PCI_OP_* operations, aka "Linux pciback missing sanity checks." El controlador backend PCI en Xen, cuando se ejecuta en un sistema x86 y utiliza Linux 3.1.x hasta la versión 4.3.x como dominio de controlador, permite a administradores locales invitados alcanzar condiciones de BUG y provocar una denegación de servicio (referencia a puntero NULL y caída de SO anfitrión) aprovechando un sistema con acceso a un dispositivo físico PCI capaz de pasar a través de MSI o MSI-X y una secuencia de operaciones XEN_PCI_OP_* manipulada, también conocido como "Linux pciback missing sanity checks". • http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html http://lists.opensuse.org/opensuse-security-announce/2016-08 • CWE-476: NULL Pointer Dereference •