Page 50 of 691 results (0.018 seconds)

CVSS: 10.0EPSS: 0%CPEs: 13EXPL: 0

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 44.0 and Firefox ESR 38.x before 38.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor del navegador en Mozilla Firefox en versiones anteriores a 44.0 y Firefox ESR 38.x en versiones anteriores a 38.6 permiten a atacantes remotos causar una denegación de servicio (corrupción de memoria y caída de aplicación) o posiblemente ejecutar código arbitrario a través de vectores desconocidos. • http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00010.html http://lists.opensuse.org/opensuse-updates/2016-02/msg00101.html http://lists.opensuse.org/opensuse-updates/2016-02/msg00105.html http://rhn.redhat.com/errata/RHSA-2016-0071.html http://rhn.redhat. • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 9.3EPSS: 0%CPEs: 13EXPL: 0

Buffer overflow in the BufferSubData function in Mozilla Firefox before 44.0 and Firefox ESR 38.x before 38.6 allows remote attackers to execute arbitrary code via crafted WebGL content. Desbordamiento de buffer en la función BufferSubData en Mozilla Firefox en versiones anteriores a 44.0 y Firefox ESR 38.x en versiones anteriores a 38.6 permite a atacantes remotos ejecutar código arbitrario a través de contenido WebGL manipulado. • http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00010.html http://lists.opensuse.org/opensuse-updates/2016-02/msg00101.html http://lists.opensuse.org/opensuse-updates/2016-02/msg00105.html http://rhn.redhat.com/errata/RHSA-2016-0071.html http://rhn.redhat. • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 6.2EPSS: 0%CPEs: 4EXPL: 0

The Linux kernel before 4.4.1 allows local users to bypass file-descriptor limits and cause a denial of service (memory consumption) by sending each descriptor over a UNIX socket before closing it, related to net/unix/af_unix.c and net/unix/garbage.c. El kernel de Linux en versiones anteriores a 4.4.1 permite a usuarios locales eludir los limites de descriptor de fichero y provocar una denegación de servicio (consumo de memoria) enviando cada descriptor a través de un socket UNIX antes de cerrarlo, relacionado con net/unix/af_unix.c y net/unix/garbage.c. It was found that the Linux kernel did not properly account file descriptors passed over the unix socket against the process limit. A local user could use this flaw to exhaust all available memory on the system. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=712f4aad406bb1ed67f3f98d04c044191f0ff593 http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176464.html http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176484.html http://rhn.redhat.com/errata/RHSA-2016-0855.html http://rhn.redhat.com/errata/RHSA-2016-2574.html http://rhn.redhat.com/errata/RHSA-2016-2584.html http://www.debian.org/security/2016/dsa-3448 http://www.debian.or • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-400: Uncontrolled Resource Consumption •

CVSS: 9.3EPSS: 2%CPEs: 198EXPL: 0

Integer underflow in the png_check_keyword function in pngwutil.c in libpng 0.90 through 0.99, 1.0.x before 1.0.66, 1.1.x and 1.2.x before 1.2.56, 1.3.x and 1.4.x before 1.4.19, and 1.5.x before 1.5.26 allows remote attackers to have unspecified impact via a space character as a keyword in a PNG image, which triggers an out-of-bounds read. Desbordamiento inferior de entero en la función png_check_keyword en pngwutil.c en libpng 0.90 hasta la versión 0.99, 1.0.x en versiones anteriores a 1.0.66, 1.1.x y 1.2.x en versiones anteriores a 1.2.56, 1.3.x y 1.4.x en versiones anteriores a 1.4.19 y 1.5.x en versiones anteriores a 1.5.26 permite a atacantes remotos tener un impacto no especificado a través de un carácter de espacio como contraseña en una imagen PNG, lo que desencadena una lectura fuera de rango. • http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174435.html http://sourceforge.net/p/libpng/bugs/244 http://sourceforge.net/p/libpng/code/ci/d9006f683c641793252d92254a75ae9b815b42ed http://sourceforge.net/projects/libpng/files/libpng10/1.0.66 http://sourceforge.net/projects/libpng/files/libpng12/1.2.56 http://sourceforge.net/projects/libpng/files/libpng14/1.4.19 http://sourceforge.net/projects/libpng/files/libpng15/1.5.26 http://www.debian.org/security/2016/dsa-34 • CWE-125: Out-of-bounds Read CWE-189: Numeric Errors •

CVSS: 5.0EPSS: 95%CPEs: 170EXPL: 0

db.c in named in ISC BIND 9.x before 9.9.8-P2 and 9.10.x before 9.10.3-P2 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a malformed class attribute. db.c en named en ISC BIND 9.x en versiones anteriores a 9.9.8-P2 y 9.10.x en versiones anteriores a 9.10.3-P2 permite a atacantes remotos causar una denegación de servicio (falla de aserción REQUIRE y salida del demonio) a través de un atributo de clase mal formado. A denial of service flaw was found in the way BIND processed certain records with malformed class attributes. A remote attacker could use this flaw to send a query to request a cached record with a malformed class attribute that would cause named functioning as an authoritative or recursive server to crash. Note: This issue affects authoritative servers as well as recursive servers, however authoritative servers are at limited risk if they perform authentication when making recursive queries to resolve addresses for servers listed in NS RRSETs. • http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174143.html http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174145.html http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174252.html http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174520.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00027.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00028.html http://lists.opensuse.org/opensuse-se • CWE-20: Improper Input Validation •