Page 44 of 366 results (0.011 seconds)

CVSS: 6.1EPSS: 0%CPEs: 21EXPL: 1

Event handlers on "marquee" elements were executed despite a strict Content Security Policy (CSP) that disallowed inline JavaScript. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6. Los gestores de eventos en los elementos "marquee" se ejecutaron a pesar de que existe un CSP (Content Security Policy) estricto que prohibía el JavaScript inline. La vulnerabilidad afecta a Firefox en versiones anteriores a la 50.1, Firefox ESR en versiones anteriores a la 45.6 y Thunderbird en versiones anteriores a la 45.6. • http://rhn.redhat.com/errata/RHSA-2016-2946.html http://rhn.redhat.com/errata/RHSA-2016-2973.html http://www.securityfocus.com/bid/94885 http://www.securitytracker.com/id/1037461 https://bugzilla.mozilla.org/show_bug.cgi?id=1312272 https://security.gentoo.org/glsa/201701-15 https://www.debian.org/security/2017/dsa-3757 https://www.mozilla.org/security/advisories/mfsa2016-94 https://www.mozilla.org/security/advisories/mfsa2016-95 https://www.mozilla.org/security/advisories&# • CWE-254: 7PK - Security Features •

CVSS: 7.5EPSS: 95%CPEs: 26EXPL: 6

A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been discovered in the wild targeting Firefox and Tor Browser users on Windows. This vulnerability affects Firefox < 50.0.2, Firefox ESR < 45.5.1, and Thunderbird < 45.5.1. Se ha descubierto una vulnerabilidad de uso de memoria previamente liberada en SVG Animation. Se ha descubierto un exploit construido sobre esta vulnerabilidad "in the wild" que apunta a usuarios de Firefox y Tor Browser en Windows. • https://www.exploit-db.com/exploits/42327 https://www.exploit-db.com/exploits/41151 https://github.com/dangokyo/CVE-2016-9079 https://github.com/LakshmiDesai/CVE-2016-9079 https://github.com/Tau-hub/Firefox-CVE-2016-9079 http://rhn.redhat.com/errata/RHSA-2016-2843.html http://rhn.redhat.com/errata/RHSA-2016-2850.html http://www.securityfocus.com/bid/94591 http://www.securitytracker.com/id/1037370 https://bugzilla.mozilla.org/show_bug.cgi?id=1321066 https://se • CWE-416: Use After Free •

CVSS: 5.9EPSS: 0%CPEs: 19EXPL: 0

It was found that Diffie Hellman Client key exchange handling in NSS 3.21.x was vulnerable to small subgroup confinement attack. An attacker could use this flaw to recover private keys by confining the client DH key to small subgroup of the desired group. Se ha descubierto que el manejo del intercambio de claves de cliente Diffie Hellman en NSS 3.21.x era vulnerable a un ataque de confinamiento de subgrupo pequeño. Un atacante podría emplear este error para recuperar claves privadas confinando la clave DH del cliente en un subgrupo pequeño del grupo deseado. It was found that Diffie Hellman Client key exchange handling in NSS was vulnerable to small subgroup confinement attack. • http://rhn.redhat.com/errata/RHSA-2016-2779.html http://www.securityfocus.com/bid/94346 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8635 https://security.gentoo.org/glsa/201701-46 https://access.redhat.com/security/cve/CVE-2016-8635 https://bugzilla.redhat.com/show_bug.cgi?id=1391818 • CWE-320: Key Management Errors CWE-358: Improperly Implemented Security Check for Standard •

CVSS: 8.8EPSS: 0%CPEs: 11EXPL: 0

SELinux policycoreutils allows local users to execute arbitrary commands outside of the sandbox via a crafted TIOCSTI ioctl call. SELinux policycoreutils permite a usuarios locales ejecutar comandos arbitrarios fuera de la sandbox a través de una llamada ioctl TIOCSTI manipulada. It was found that the sandbox tool provided in policycoreutils was vulnerable to a TIOCSTI ioctl attack. A specially crafted program executed via the sandbox command could use this flaw to execute arbitrary commands in the context of the parent shell, escaping the sandbox. • http://rhn.redhat.com/errata/RHSA-2016-2702.html http://rhn.redhat.com/errata/RHSA-2017-0535.html http://rhn.redhat.com/errata/RHSA-2017-0536.html http://www.openwall.com/lists/oss-security/2016/09/25/1 http://www.securityfocus.com/bid/93156 http://www.securitytracker.com/id/1037283 https://github.com/SELinuxProject/selinux/commit/acca96a135a4d2a028ba9b636886af99c0915379 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UPRNK3PWMAVNJZ53YW5GOEOGJSFNAQIF https:& • CWE-284: Improper Access Control •

CVSS: 8.8EPSS: 0%CPEs: 7EXPL: 0

An authorization flaw was found in Pacemaker before 1.1.16, where it did not properly guard its IPC interface. An attacker with an unprivileged account on a Pacemaker node could use this flaw to, for example, force the Local Resource Manager daemon to execute a script as root and thereby gain root access on the machine. Se ha detectado un error en Pacemaker en versiones anteriores a la 1.1.6 por el que no protegía correctamente su interfaz IPC. Un atacante con una cuenta sin privilegios en un nodo Pacemaker podría emplear este error para, por ejemplo, forzar al demonio Local Resource Manager para que ejecute un script como root y, por lo tanto, obtenga acceso root a la máquina An authorization flaw was found in Pacemaker, where it did not properly guard its IPC interface. An attacker with an unprivileged account on a Pacemaker node could use this flaw to, for example, force the Local Resource Manager daemon to execute a script as root and thereby gain root access on the machine. • http://rhn.redhat.com/errata/RHSA-2016-2614.html http://rhn.redhat.com/errata/RHSA-2016-2675.html http://www.openwall.com/lists/oss-security/2016/11/03/5 http://www.securityfocus.com/bid/94214 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7035 https://github.com/ClusterLabs/pacemaker/commit/5d71e65049 https://lists.clusterlabs.org/pipermail/users/2016-November/004432.html https://security.gentoo.org/glsa/201710-08 https://access.redhat.com/security/cve/CVE-2016- • CWE-285: Improper Authorization •