Page 47 of 1444 results (0.005 seconds)

CVSS: 7.5EPSS: 25%CPEs: 55EXPL: 0

01 Mar 2018 — A malicious client which is allowed to send very large amounts of traffic (billions of packets) to a DHCP server can eventually overflow a 32-bit reference counter, potentially causing dhcpd to crash. Affects ISC DHCP 4.1.0 -> 4.1-ESV-R15, 4.2.0 -> 4.2.8, 4.3.0 -> 4.3.6, 4.4.0. Un cliente malicioso al que se le permite enviar grandes cantidades de tráfico (miles de millones de paquetes) a un servidor DHCP puede terminar desbordando un contador de referencia de 32 bits, provocando el cierre inesperado de dhc... • http://www.securityfocus.com/bid/103188 • CWE-190: Integer Overflow or Wraparound •

CVSS: 6.5EPSS: 3%CPEs: 51EXPL: 2

28 Feb 2018 — The URL pattern of "" (the empty string) which exactly maps to the context root was not correctly handled in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 when used as part of a security constraint definition. This caused the constraint to be ignored. It was, therefore, possible for unauthorised users to gain access to web application resources that should have been protected. Only security constraints with a URL pattern of the empty string were affected. El patró... • https://github.com/knqyf263/CVE-2018-1304 • CWE-284: Improper Access Control •

CVSS: 8.8EPSS: 7%CPEs: 6EXPL: 0

19 Feb 2018 — Type confusion could lead to a heap out-of-bounds write in V8 in Google Chrome prior to 64.0.3282.168 allowing a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Una confusión de tipos podría conducir a una escritura fuera de límites en V8 en Google Chrome, en versiones anteriores a la 64.0.3282.168, lo que permite que un atacante remoto ejecute código arbitrario dentro de un sandbox mediante una página HTML manipulada. Chromium is an open-source web browser, powered by We... • http://www.securityfocus.com/bid/103003 • CWE-704: Incorrect Type Conversion or Cast •

CVSS: 9.8EPSS: 59%CPEs: 22EXPL: 3

08 Feb 2018 — LibreOffice before 5.4.5 and 6.x before 6.0.1 allows remote attackers to read arbitrary files via =WEBSERVICE calls in a document, which use the COM.MICROSOFT.WEBSERVICE function. LibreOffice, en versiones anteriores a la 5.4.5 y versiones 6.x anteriores a la 6.0.1, permite que atacantes remotos lean archivos arbitrarios mediante llamadas =WEBSERVICE en un documento, que emplea la función COM.MICROSOFT.WEBSERVICE. A flaw was found in libreoffice before 5.4.5 and before 6.0.1. Arbitrary remote file disclosur... • https://packetstorm.news/files/id/146319 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 10.0EPSS: 5%CPEs: 16EXPL: 0

06 Feb 2018 — A use-after-free vulnerability was discovered in Adobe Flash Player before 28.0.0.161. This vulnerability occurs due to a dangling pointer in the Primetime SDK related to media player's quality of service functionality. A successful attack can lead to arbitrary code execution. Se ha descubierto una vulnerabilidad de uso de memoria previamente liberada en Adobe Flash Player, en versiones anteriores a la 28.0.0.161. Esta vulnerabilidad ocurre debido a un puntero pendiente en el SDK Primetime relacionado con l... • http://www.securityfocus.com/bid/102930 • CWE-416: Use After Free •

CVSS: 9.8EPSS: 93%CPEs: 16EXPL: 15

06 Feb 2018 — A use-after-free vulnerability was discovered in Adobe Flash Player before 28.0.0.161. This vulnerability occurs due to a dangling pointer in the Primetime SDK related to media player handling of listener objects. A successful attack can lead to arbitrary code execution. This was exploited in the wild in January and February 2018. Se ha descubierto una vulnerabilidad de uso de memoria previamente liberada en Adobe Flash Player, en versiones anteriores a la 28.0.0.161. • https://packetstorm.news/files/id/147041 • CWE-416: Use After Free •

CVSS: 8.8EPSS: 1%CPEs: 6EXPL: 0

28 Jan 2018 — Use after free in PDFium in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. Uso de memoria previamente liberada en PDFium en Google Chrome en versiones anteriores a la 64.0.3282.119 permitía que un atacante remoto pudiese explotar una corrupción de memoria dinámica (heap) mediante un archivo PDF manipulado. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 64.0.3282.119. Security F... • http://www.securityfocus.com/bid/102797 • CWE-416: Use After Free •

CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0

28 Jan 2018 — Insufficient policy enforcement in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user cross-origin data via a crafted HTML page. Aplicación de políticas insuficiente en Blink en Google Chrome en versiones anteriores a la 64.0.3282.119 permitía que un atacante remoto filtrase los datos cross-origin del usuario mediante una página HTML manipulada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 64.0.3282.119. Sec... • http://www.securityfocus.com/bid/102797 • CWE-20: Improper Input Validation •

CVSS: 8.8EPSS: 1%CPEs: 6EXPL: 0

28 Jan 2018 — Insufficient data validation in Downloads in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially run arbitrary code outside sandbox via a crafted Chrome Extension. Validación de datos insuficiente en Downloads en Google Chrome en versiones anteriores a la 64.0.3282.119 permitía que un atacante remoto ejecutase código arbitrario fuera del sandbox mediante una extensión de Chrome manipulada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to v... • http://www.securityfocus.com/bid/102797 • CWE-20: Improper Input Validation •

CVSS: 8.1EPSS: 1%CPEs: 6EXPL: 0

28 Jan 2018 — Insufficient data validation in WebGL in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Validación de datos insuficiente en WebGL en Google Chrome en versiones anteriores a la 64.0.3282.119 permitía que un atacante remoto pudiese realizar una lectura de memoria fuera de límites mediante una página HTML manipulada. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 64.0.3282.119. ... • http://www.securityfocus.com/bid/102797 • CWE-125: Out-of-bounds Read •