Page 42 of 430 results (0.013 seconds)

CVSS: 6.8EPSS: 1%CPEs: 23EXPL: 0

Integer signedness error in the pixman_fill_sse2 function in pixman-sse2.c in Pixman, as distributed with Cairo and used in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, SeaMonkey before 2.17, and other products, allows remote attackers to execute arbitrary code via crafted values that trigger attempted use of a (1) negative box boundary or (2) negative box size, leading to an out-of-bounds write operation. Error de signo de entero en la función pixman_fill_sse2 en pixman-sse2.c en Pixman, distribuido con Cairo y utiliza Mozilla Firefox antes de v20.0, Firefox ESR v17.x antes v17.0.5, Thunderbird antes de v17.0.5, Thunderbird ESR v17.x antes v17.0.5, SeaMonkey antes de v2.17, y otros productos, permite a atacantes remotos ejecutar código arbitrario a través de los valores manipulados que desencadenan intento de uso de un límite de caja (1) negativo o (2) tamaño de caja negativo, lo que lleva a una operación de escritura fuera de rango. • http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00013.html http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00019.html http://lists.opensuse.org/opensuse-updates/2013-06/msg00012.html http://rhn.redhat.com/errata/RHSA-2013-0696.html http://rhn.redhat.com/errata/RHSA-2013-0697.html http://www.debian.org/security&#x • CWE-787: Out-of-bounds Write •

CVSS: 5.0EPSS: 88%CPEs: 21EXPL: 2

MariaDB 5.5.x before 5.5.30, 5.3.x before 5.3.13, 5.2.x before 5.2.15, and 5.1.x before 5.1.68, and Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number of points, which is not properly handled when processing the binary representation of this feature, related to a numeric calculation error. MariaDB 5.5.x en versiones anteriores a 5.5.30, 5.3.x en versiones anteriores a 5.3.13, 5.2.x en versiones anteriores a 5.2.15 y 5.1.x en versiones anteriores a 5.1.68 y Oracle MySQL 5.1.69 y versiones anteriores, 5.5.31 y versiones anteriores y 5.6.11 y versiones anteriores permite a atacantes remotos provocar una denegación de servicio (caída) a través de una funcionalidad de geometría manipulada que especifica un gran número de puntos, que no es apropiadamente manipulada cuando se procesa la representación binaria de esta funcionalidad, relacionado con un error de cálculo numérico. • https://www.exploit-db.com/exploits/38392 http://lists.askmonty.org/pipermail/commits/2013-March/004371.html http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html http://seclists.org/oss-sec/2013/q1/671 http://secunia.com/advisories/52639 http://secunia.com/a • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 6.8EPSS: 1%CPEs: 135EXPL: 1

libxml2 through 2.9.1 does not properly handle external entities expansion unless an application developer uses the xmlSAX2ResolveEntity or xmlSetExternalEntityLoader function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. NOTE: it could be argued that because libxml2 already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed and each affected application would need its own CVE. libxml2 hasta 2.9.1 no controla correctamente la expansión de entidades externas a menos que un desarrollador de aplicaciones utilice la función xmlSAX2ResolveEntity o xmlSetExternalEntityLoader, lo que permite a atacantes remotos provocar una denegación de servicio (consumo de recursos), enviar peticiones HTTP a los servidores de la intranet, o leer ficheros arbitrarios mediante un documento XML manipulada, también conocido una entidades externas XML (XXE) tema. NOTA: se podría argumentar que debido a que libxml2 ya ofrece la posibilidad de desactivar la expansión entidad externa, la responsabilidad de la solución de este problema se encuentra con los desarrolladores de aplicaciones, de acuerdo con este argumento, esta entrada debe ser rechazada y cada aplicación afectada tendría su propio CVE. • http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00002.html http://openwall.com/lists/oss-security/2013/02/21/24 http://openwall.com/lists/oss-security/2013/02/22/3 http://seclists.org/oss-sec/2013/q4/182 http://seclists.org/oss-sec/2013/q4/184 http://seclists.org/oss-sec/2013/q4/188 http://secunia.com/advisories/52662 http://secunia.com/advisories/54172 http://secunia.com/advisories/55568 http://www.debian.org/security/2013/dsa-2652 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 4.3EPSS: 0%CPEs: 12EXPL: 0

Gnome Online Accounts (GOA) 3.4.x, 3.6.x before 3.6.3, and 3.7.x before 3.7.5, does not properly validate SSL certificates when creating accounts such as Windows Live and Facebook accounts, which allows man-in-the-middle attackers to obtain sensitive information such as credentials by sniffing the network. Gnome Online Accounts (GOA) 3.4.x, 3.6.x anterior a 3.6.3 y 3.7.x anterior a 3.7.91, no valida adecuadamente los certificados SSL cuando crea cuentas para Windows Live o Facebook, lo que permite a atacantes "man-in-the-middle", obtener información sensible como credenciales mediante la captura de tráfico de red. • http://lists.opensuse.org/opensuse-updates/2013-02/msg00046.html http://secunia.com/advisories/51976 http://secunia.com/advisories/52791 http://ubuntu.com/usn/usn-1779-1 https://bugzilla.gnome.org/show_bug.cgi?id=693214 https://bugzilla.redhat.com/show_bug.cgi?id=894352 https://git.gnome.org/browse/gnome-online-accounts/commit/?h=gnome-3-6&id=ecad8142e9ac519b9fc74b96dcb5531052bbffe1 https://git.gnome.org/browse/gnome-online-accounts/commit/?id=bc10fdb68f75f8be84eb698ada08743b9c7c248f https:/ • CWE-310: Cryptographic Issues •

CVSS: 4.3EPSS: 0%CPEs: 11EXPL: 0

Gnome Online Accounts (GOA) 3.6.x before 3.6.3 and 3.7.x before 3.7.91, does not properly validate SSL certificates when creating accounts for providers who use the libsoup library, which allows man-in-the-middle attackers to obtain sensitive information such as credentials by sniffing the network. NOTE: this issue exists because of an incomplete fix for CVE-2013-0240. Gnome Online Accounts (GOA) 3.6.x anterior a 3.6.3 y 3.7.x anterior a 3.7.91, no valida adecuadamente los certificados SSL cuando crear cuentas para proveedores que utilizan la biblioteca libsoup, lo que permite a atacantes "man-in-the-middle", obtener información sensible como credenciales mediante la captura de tráfico de red. NOTA: este problema existe ya que no se corrigió correctamente la vulnerabilidad CVE-2013-0240. • http://lists.opensuse.org/opensuse-updates/2013-02/msg00046.html http://secunia.com/advisories/51976 http://secunia.com/advisories/52791 http://ubuntu.com/usn/usn-1779-1 https://bugzilla.gnome.org/show_bug.cgi?id=693214 https://bugzilla.gnome.org/show_bug.cgi?id=695106 https://git.gnome.org/browse/gnome-online-accounts/commit/?id=9cf4bc0ced2c53bcdd36922caa65afc8a167bbd8 https://mail.gnome.org/archives/gnome-announce-list/2013-March/msg00007.html https://mail.gnome.org/archives/gnome-a • CWE-310: Cryptographic Issues •