Page 40 of 482 results (0.013 seconds)

CVSS: 7.5EPSS: 14%CPEs: 51EXPL: 0

CVE-2017-3144 – Failure to properly clean up closed OMAPI connections can exhaust available sockets

https://notcve.org/view.php?id=CVE-2017-3144

A vulnerability stemming from failure to properly clean up closed OMAPI connections can lead to exhaustion of the pool of socket descriptors available to the DHCP server. Affects ISC DHCP 4.1.0 to 4.1-ESV-R15, 4.2.0 to 4.2.8, 4.3.0 to 4.3.6. Older versions may also be affected but are well beyond their end-of-life (EOL). Releases prior to 4.1.0 have not been tested. Una vulnerabilidad derivada del error al limpiar correctamente las conexiones OMAPI cerradas puede conducir al agotamiento del grupo de descriptores del socket disponibles para el servidor DHCP. • http://www.securityfocus.com/bid/102726 http://www.securitytracker.com/id/1040194 https://access.redhat.com/errata/RHSA-2018:0158 https://kb.isc.org/docs/aa-01541 https://usn.ubuntu.com/3586-1 https://www.debian.org/security/2018/dsa-4133 https://access.redhat.com/security/cve/CVE-2017-3144 https://bugzilla.redhat.com/show_bug.cgi?id=1522918 • CWE-400: Uncontrolled Resource Consumption CWE-772: Missing Release of Resource after Effective Lifetime •

CVSS: 7.5EPSS: 2%CPEs: 14EXPL: 0

CVE-2018-5748 – libvirt: Resource exhaustion via qemuMonitorIORead() method

https://notcve.org/view.php?id=CVE-2018-5748

qemu/qemu_monitor.c in libvirt allows attackers to cause a denial of service (memory consumption) via a large QEMU reply. qemu/qemu_monitor.c en libvirt permite que los atacantes provoquen una denegación de servicio (consumo de memoria) mediante una respuesta QEMU grande. • http://www.securityfocus.com/bid/102825 https://access.redhat.com/errata/RHSA-2018:1396 https://access.redhat.com/errata/RHSA-2018:1929 https://lists.debian.org/debian-lts-announce/2018/03/msg00018.html https://www.debian.org/security/2018/dsa-4137 https://www.redhat.com/archives/libvir-list/2018-January/msg00527.html https://access.redhat.com/security/cve/CVE-2018-5748 https://bugzilla.redhat.com/show_bug.cgi?id=1528396 • CWE-400: Uncontrolled Resource Consumption •

CVSS: 6.0EPSS: 0%CPEs: 18EXPL: 1

CVE-2018-5683 – Qemu: Out-of-bounds read in vga_draw_text routine

https://notcve.org/view.php?id=CVE-2018-5683

The vga_draw_text function in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging improper memory address validation. La función vga_draw_text en Qemu permite que usuarios del sistema operativo invitados con privilegios provoquen una denegación de servicio (acceso de lectura fuera de límites y cierre inesperado del proceso Qemu) aprovechando la validación indebida de direcciones de memoria. An out-of-bounds read access issue was found in the VGA emulator of QEMU. It could occur in vga_draw_text routine, while updating display area for a vnc client. A privileged user inside a guest could use this flaw to crash the QEMU process resulting in DoS. • http://www.openwall.com/lists/oss-security/2018/01/15/2 http://www.securityfocus.com/bid/102518 https://access.redhat.com/errata/RHSA-2018:0816 https://access.redhat.com/errata/RHSA-2018:1104 https://access.redhat.com/errata/RHSA-2018:2162 https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html https://lists.gnu.org/archive/html/qemu-devel/2018-01/msg02597.html https://usn.ubuntu.com/3575-1 https://www.debian.org/security/2018/dsa-4213 https:/ • CWE-125: Out-of-bounds Read •

CVSS: 6.1EPSS: 0%CPEs: 20EXPL: 1

CVE-2018-5950 – mailman: Cross-site scripting (XSS) vulnerability in web UI

https://notcve.org/view.php?id=CVE-2018-5950

Cross-site scripting (XSS) vulnerability in the web UI in Mailman before 2.1.26 allows remote attackers to inject arbitrary web script or HTML via a user-options URL. Vulnerabilidad de Cross-Site Scripting (XSS) en la interfaz de usuario web en Mailman en versiones anteriores a la 2.1.26 permite que atacantes remotos inyecten scripts web o HTML arbitrarios mediante una URL user-options. A cross-site scripting (XSS) flaw was found in mailman. An attacker, able to trick the user into visiting a specific URL, can execute arbitrary web scripts on the user's side and force the victim to perform unintended actions. Mailman versions 1.x up through 2.1.23 suffer from a cross site scripting vulnerability. • http://packetstormsecurity.com/files/159761/Mailman-2.1.23-Cross-Site-Scripting.html http://www.securityfocus.com/bid/104594 https://access.redhat.com/errata/RHSA-2018:0504 https://access.redhat.com/errata/RHSA-2018:0505 https://bugs.launchpad.net/mailman/+bug/1747209 https://lists.debian.org/debian-lts-announce/2018/02/msg00007.html https://usn.ubuntu.com/3563-1 https://www.debian.org/security/2018/dsa-4108 https://www.mail-archive.com/mailman-users%40python.org/msg70375. • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 35EXPL: 0

CVE-2018-2579 – OpenJDK: unsynchronized access to encryption key data (Libraries, 8172525)

https://notcve.org/view.php?id=CVE-2018-2579

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability applies to client and server deployment of Java. • http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html http://www.securityfocus.com/bid/102663 http://www.securitytracker.com/id/1040203 https://access.redhat.com/errata/RHSA-2018:0095 https://access.redhat.com/errata/RHSA-2018:0099 https://access.redhat.com/errata/RHSA-2018:0100 https://access.redhat.com/errata/RHSA-2018:0115 https://access.redhat.com/errata/RHSA-2018:0349 https://access.redhat.com/errata/RHSA-2018:0351 https://access.redhat.com/errata/ • CWE-567: Unsynchronized Access to Shared Data in a Multithreaded Context •