Page 44 of 386 results (0.013 seconds)

CVSS: 9.3EPSS: 22%CPEs: 34EXPL: 1

CVE-2013-1690 – Mozilla Firefox and Thunderbird Denial-of-Service Vulnerability

https://notcve.org/view.php?id=CVE-2013-1690

Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not properly handle onreadystatechange events in conjunction with page reloading, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted web site that triggers an attempt to execute data at an unmapped memory location. Mozilla Firefox anterior a 22.0, Firefox ESR 17.x anterior a 17.0.7, Thunderbird anterior a 17.0.7, y Thunderbird ESR 17.x anterior a 17.0.7 no manejan adecuadamente los eventos "onreadystatechange" en conjunción con las recargas de página, lo que permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) o posiblemente la ejecución arbitraria de código a través de un sitio web manipulado que provoca un intento de ejecución de datos y una asignación de memoria sin mapear. Mozilla Firefox and Thunderbird do not properly handle onreadystatechange events in conjunction with page reloading, which allows remote attackers to cause a denial-of-service (DoS) or possibly execute malicious code via a crafted web site. • https://www.exploit-db.com/exploits/27429 http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00011.html http://rhn&# • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 5.0EPSS: 95%CPEs: 23EXPL: 0

CVE-2002-2443 – krb5: UDP ping-pong flaw in kpasswd

https://notcve.org/view.php?id=CVE-2002-2443

schpw.c in the kpasswd service in kadmind in MIT Kerberos 5 (aka krb5) before 1.11.3 does not properly validate UDP packets before sending responses, which allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged packet that triggers a communication loop, as demonstrated by krb_pingpong.nasl, a related issue to CVE-1999-0103. schpw.c en el servicio kpasswd en kadmind en MIT Kerberos 5 (conocido como krb5) anterior a v1.11.3 no valida correctamente los paquetes UDP antes de enviar respuestas, lo que permite a atacantes remotos provocar una denegación de servicio (consumo de CPU y ancho de banda) a través de un paquete "forged" que activa un circuito de comunicación, como se demostró en krb_pingpong.nasl, un fallo relacionado con CVE-1999-0103. • http://krbdev.mit.edu/rt/Ticket/Display.html?id=7637 http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105879.html http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105978.html http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106698.html http://lists.opensuse.org/opensuse-updates/2013-07/msg00004.html http://lists.opensuse.org/opensuse-updates/2013-07/msg00007.html http://rhn.redhat.com/errata/RHSA-2013-0942.html http://www.debian.org/s • CWE-20: Improper Input Validation •

CVSS: 5.1EPSS: 31%CPEs: 27EXPL: 0

CVE-2013-1862 – httpd: mod_rewrite allows terminal escape sequences to be written to the log file

https://notcve.org/view.php?id=CVE-2013-1862

mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator. mod_rewrite.c en el modulo mod_rewrite en Apache HTTP Server v2.2.x anterior a v2.2.25 escribe datos en un archivo de log sin eliminar caracteres no imprimibles, lo que podría permitir a un atacante remotos ejecutar comandos arbitrarios a través de una petición HTTP que contiene una secuencia de escape para un emulador de terminal. • http://lists.opensuse.org/opensuse-updates/2013-08/msg00026.html http://lists.opensuse.org/opensuse-updates/2013-08/msg00029.html http://lists.opensuse.org/opensuse-updates/2013-08/msg00030.html http://people.apache.org/~jorton/mod_rewrite-CVE-2013-1862.patch http://rhn.redhat.com/errata/RHSA-2013-0815.html http://rhn.redhat.com/errata/RHSA-2013-1207.html http://rhn.redhat.com/errata/RHSA-2013-1208.html http://rhn.redhat.com/errata/RHSA-2013-1209.html http://secunia. •

CVSS: 4.3EPSS: 0%CPEs: 10EXPL: 0

CVE-2012-6137 – subscription-manager: rhn-migrate-classic-to-rhsm missing SSL certificate verification

https://notcve.org/view.php?id=CVE-2012-6137

rhn-migrate-classic-to-rhsm tool in Red Hat subscription-manager does not verify the Red Hat Network Classic server's X.509 certificate when migrating to a Certificate-based Red Hat Network, which allows remote man-in-the-middle attackers to obtain sensitive information such as user credentials. rhn-migrate-classic-to-rhsm tool en Red Hat subscription-manager no verifica el certificado de servidor X.509 en Red Hat Network Classic cuando se está migrando a Certificate-based Red Hat Network, lo que permite a atacantes remotos "man-in-the-middle" obtener información sensible como credenciales de usuario. • http://osvdb.org/93058 http://rhn.redhat.com/errata/RHSA-2013-0788.html http://secunia.com/advisories/53330 http://www.securityfocus.com/bid/59674 http://www.securitytracker.com/id/1028520 https://bugzilla.redhat.com/show_bug.cgi?id=885130 https://exchange.xforce.ibmcloud.com/vulnerabilities/84020 https://access.redhat.com/security/cve/CVE-2012-6137 • CWE-255: Credentials Management Errors •

CVSS: 5.0EPSS: 6%CPEs: 19EXPL: 0

CVE-2013-0791 – Mozilla: Out-of-bounds array read in CERT_DecodeCertPackage (MFSA 2013-40)

https://notcve.org/view.php?id=CVE-2013-0791

The CERT_DecodeCertPackage function in Mozilla Network Security Services (NSS), as used in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, SeaMonkey before 2.17, and other products, allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) via a crafted certificate. La función CERT_DecodeCertPackage en Mozilla Network Security Services (NSS), tal como se utiliza en Mozilla Firefox antes de v20.0, Firefox ESR v17.x antes v17.0.5, Thunderbird antes de v17.0.5, Thunderbird ESR v17.x antes de v17.0.5, SeaMonkey antes de v2.17, y otros productos, permite a atacantes remotos provocar una denegación de servicio (fuera del terreno de juego y lectura de corrupción de memoria) a través de un certificado manipulado. • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761 http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00013.html http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00019.html http://rhn.redhat.com/errata/RHSA-2013-1135.html http://rhn.redhat.com/errata/RHSA-2013-1144.html http://www.mozilla.org/security • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •