Page 4 of 36 results (0.013 seconds)

CVSS: 5.0EPSS: 2%CPEs: 10EXPL: 0

The crypto.generateCRMFRequest method in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 does not properly validate a certain key type, which allows remote attackers to cause a denial of service (application crash) via vectors that trigger generation of a key that supports the Elliptic Curve ec-dual-use algorithm. El método crypto.generateCRMFRequest en Mozilla Firefox anterior a 28.0 y SeaMonkey anterior a 2.25 no valida debidamente cierto tipo de clave, lo que permite a atacantes remotos causar una denegación de servicio (caída de aplicación) a través de vectores que provocan la generación de una clave que soporta el algoritmo Elliptic Curve ec-dual-use. • http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00016.html http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00016.html http://www.mozilla.org/security/announce/2014/mfsa2014-18.html http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html https://bugzilla.mozilla.org/show_bug.cgi?id=935618 https://s • CWE-347: Improper Verification of Cryptographic Signature •

CVSS: 2.6EPSS: 0%CPEs: 10EXPL: 0

The session-restore feature in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 does not consider the Content Security Policy of a data: URL, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted document that is accessed after a browser restart. La funcionalidad session-restore en Mozilla Firefox anterior a 28.0 y SeaMonkey anterior a 2.25 no considera Content Security Policy de un dato: URL, lo que facilita a atacantes remotos realizar ataques de XSS a través de un documento manipulado que es accedido después de un reinicio de navegador. • http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00016.html http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00016.html http://www.mozilla.org/security/announce/2014/mfsa2014-23.html http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html https://bugzilla.mozilla.org/show_bug.cgi?id=911547 https://s • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 5.8EPSS: 0%CPEs: 16EXPL: 0

Integer overflow in inc/server.hpp in libnet6 (aka net6) before 1.3.14 might allow remote attackers to hijack connections and gain privileges as other users by making a large number of connections until the overflow occurs and an ID of another user is provided. Desbordamiento de enteros en inc/server.hpp en libnet6 (también conocido como net6) anterior a 1.3.14 podría permitir a atacantes remotos secuestrar conexiones y ganar privilegios como otros usuarios mediante la realización de un gran número de conexiones hasta que el desbordamiento ocurre y la identidad de otro usuario es proporcionado. • http://git.0x539.de/?p=net6.git%3Ba=commitdiff%3Bh=ac61d7fb42a1f977fb527e024bede319c4a9e169%3Bhp=08c8e2261604c6fcbbaf62f9ae9d13f7015fcb9a http://lists.opensuse.org/opensuse-updates/2012-01/msg00044.html http://lists.opensuse.org/opensuse-updates/2012-01/msg00054.html http://www.openwall.com/lists/oss-security/2011/10/31/1 http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html https://bugzilla.novell.com/show_bug.cgi?id=727710 https://bugzilla.redhat.com/show_bug.cgi?id=750631 • CWE-190: Integer Overflow or Wraparound •

CVSS: 5.0EPSS: 0%CPEs: 16EXPL: 0

The libobby server in inc/server.hpp in libnet6 (aka net6) before 1.3.14 does not perform authentication before checking the user name, which allows remote attackers to obtain sensitive information such as server-usage patterns by a particular user and color preferences. El servidor de libobby en inc/server.hpp en libnet6 (también conocido como net6) anterior a 1.3.14 no realiza autenticación antes de comprobar el nombre de usuario, lo que permite a atacantes remotos obtener información sensible tal como patrones de uso del servidor de un usuario especifico y preferencias de color. • http://git.0x539.de/?p=net6.git%3Ba=commitdiff%3Bh=84afca022f063f89bfcd4bb32b1ee911f555abf1%3Bhp=ac61d7fb42a1f977fb527e024bede319c4a9e169 http://lists.opensuse.org/opensuse-updates/2012-01/msg00044.html http://lists.opensuse.org/opensuse-updates/2012-01/msg00054.html http://www.openwall.com/lists/oss-security/2011/10/31/1 http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html https://bugzilla.novell.com/show_bug.cgi?id=727708 https://bugzilla.redhat.com/show_bug.cgi?id=750632 • CWE-287: Improper Authentication •

CVSS: 4.3EPSS: 0%CPEs: 13EXPL: 0

The file-download implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 does not properly restrict the timing of button selections, which allows remote attackers to conduct clickjacking attacks, and trigger unintended launching of a downloaded file, via a crafted web site. La implementación de descarga de archivos en Mozilla Firefox anterior a 27.0 y SeaMonkey anterior a 2.24 no restringe debidamente el tiempo de las selecciones de botón, lo que permite a atacantes remotos llevar a cabo ataques de clickjacking y provocar el lanzamiento no intencionado de un archivo descargado, a través de un sitio web manipulado. • http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html http://osvdb.org/102867 http://secunia.com/advisories/56888 http://www.mozilla.org/security/announce/2014/mfsa2014-03.html http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html http://www.securityfocus.com/bid/65331 http://www.securitytracker.com/id • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •