Page 4 of 23 results (0.008 seconds)

CVSS: 9.3EPSS: 1%CPEs: 21EXPL: 3

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 13.0, Thunderbird before 13.0, and SeaMonkey before 2.10 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) methodjit/ImmutableSync.cpp, (2) the JSObject::makeDenseArraySlow function in js/src/jsarray.cpp, and unknown other components. Múltiples vulnerabilidades no especificadas en el motor del navegador de Mozilla Firefox antes de v13.0, Thunderbird antes de v13.0, y SeaMonkey antes de v2.10 permiten a atacantes remotos causar una denegación de servicio (corrupción de la memoria y caída de la aplicación) o posiblemente ejecutar código de su elección a través de vectores relacionados con (1) methodjit/ImmutableSync.cpp, y con la función (2) JSObject::makeDenseArraySlow en js/src/jsarray.cpp y otros componentes desconocidos. • http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00015.html http://rhn.redhat.com/errata/RHSA-2012-0710.html http://rhn.redhat.com/errata/RHSA-2012-0715.html http://www.mandriva.com/security/advisories?name=MDVSA-2012:088 http://www.mozilla.org/security/announce/2012/mfsa2012-34.html http://www.securityfocus.com/bid/53796 https://bugzilla.mozilla.org/show_bug.cgi?id=670317 https://bugzilla. •

CVSS: 4.3EPSS: 71%CPEs: 16EXPL: 1

protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script. protocol.c en Apache HTTP Server v2.2.x hasta la v2.2.21 no limita adecuadamente la información de cabecera durante la construcción de mensajes de error Bad Request (errores 400), lo que permite obtener los valores de las cookies HTTPOnly a atacantes remotos a través de vectores relacionados con una cabecera (1) demasiado larga o (2) mal formada con un script web desarrollado para este fin. • https://www.exploit-db.com/exploits/18442 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041 http://httpd.apache.org/security/vulnerabilities_22.html http://kb.juniper.net/JSA10585 http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00026.html http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00002.html http://marc.info/?l=bugtraq&m=133294460209056&w=2 http:// •

CVSS: 4.6EPSS: 0%CPEs: 17EXPL: 2

scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an invalid call to the free function. scoreboard.c en Apache HTTP Server v2.2.21 y anteriores puede permitir a usuarios locales provocar una denegación de servicio (caída del demonio durante el apagado) o posiblemente, tener un impacto no especificado mediante la modificación de un determinado campo tipo dentro de un segmento de memoria compartida, lo que ocasiona una llamada no válida a la función 'free'. • https://www.exploit-db.com/exploits/41768 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041 http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00026.html http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00002.html http://marc.info/?l=bugtraq&m=133294460209056&w=2 http://marc.info/?l=bugtraq&m=133494237717847&w=2 http://marc.info/?l=bugtraq&m=1349870412106 •

CVSS: 7.8EPSS: 0%CPEs: 19EXPL: 1

The Device Mapper multipathing driver (aka multipath-tools or device-mapper-multipath) 0.4.8, as used in SUSE openSUSE, SUSE Linux Enterprise Server (SLES), Fedora, and possibly other operating systems, uses world-writable permissions for the socket file (aka /var/run/multipathd.sock), which allows local users to send arbitrary commands to the multipath daemon. multipath-tools en SUSE openSUSE v10.3 hasta v11.0 y SUSE Linux Enterprise Server (SLES) v10 utiliza permisos de escritura a todos para el fichero del socket (también conocido como /var/run/multipathd.sock), permitiendo a usuarios locales enviar comandos de su elección al demonio "multipath". • http://download.opensuse.org/update/10.3-test/repodata/patch-kpartx-6082.xml http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10691 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 http://launchpad.net/bugs/cve/2009-0115 http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html http://lists.vmware.com/pipermail/security-announce/2010/000082.html http://secunia.com/advisories/ • CWE-732: Incorrect Permission Assignment for Critical Resource •

CVSS: 7.8EPSS: 0%CPEs: 22EXPL: 0

The Linux kernel before 2.6.25.10 does not properly perform tty operations, which allows local users to cause a denial of service (system crash) or possibly gain privileges via vectors involving NULL pointer dereference of function pointers in (1) hamradio/6pack.c, (2) hamradio/mkiss.c, (3) irda/irtty-sir.c, (4) ppp_async.c, (5) ppp_synctty.c, (6) slip.c, (7) wan/x25_asy.c, and (8) wireless/strip.c in drivers/net/. El núcleo de Linux anterior a 2.6.25.10, no realiza de forma adecuada las operaciones tty, esto permite a usuarios locales provocar una denegación de servicio (caída del sistema) o posiblemente obtener privilegios mediante vectores que contienen referencias a puntero NULO en los punteros a funciones en (1) hamradio/6pack.c, (2) hamradio/mkiss.c, (3) irda/irtty-sir.c, (4) ppp_async.c, (5) ppp_synctty.c, (6) slip.c, (7) wan/x25_asy.c, y (8) wireless/strip.c en drivers/net/. • http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.25.y.git%3Ba=commitdiff%3Bh=2a739dd53ad7ee010ae6e155438507f329dce788 http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25.10 http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00000.html http://l • CWE-476: NULL Pointer Dereference •