Page 56 of 521 results (0.014 seconds)

CVSS: 6.5EPSS: 0%CPEs: 9EXPL: 1

CVE-2017-2666 – undertow: HTTP Request smuggling vulnerability due to permitting invalid characters in HTTP requests

https://notcve.org/view.php?id=CVE-2017-2666

It was discovered in Undertow that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other than their own. Se ha descubierto en Undertow que el código que analizaba la línea de petición HTTP permitía caracteres no válidos. Esto podría ser explotado, en conjunto con un proxy que también permita caracteres inválidos pero con una interpretación diferente, para inyectar datos en la respuesta HTTP. • https://github.com/tafamace/CVE-2017-2666 http://rhn.redhat.com/errata/RHSA-2017-1409.html http://www.securityfocus.com/bid/98966 https://access.redhat.com/errata/RHSA-2017:1410 https://access.redhat.com/errata/RHSA-2017:1411 https://access.redhat.com/errata/RHSA-2017:1412 https://access.redhat.com/errata/RHSA-2017:3454 https://access.redhat.com/errata/RHSA-2017:3455 https://access.redhat.com/errata/RHSA-2017:3456 https://access.redhat.com/errata/RHSA-2017:3458 ht • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •

CVSS: 7.5EPSS: 2%CPEs: 7EXPL: 0

CVE-2017-2670 – undertow: IO thread DoS via unclean Websocket closing

https://notcve.org/view.php?id=CVE-2017-2670

It was found in Undertow before 1.3.28 that with non-clean TCP close, the Websocket server gets into infinite loop on every IO thread, effectively causing DoS. Se ha encontrado en Undertow en versiones anteriores a la 1.3.28 que con el cierre no seguro de TCP, el servidor Websocket entra en bucle infinito en cada hilo IO, provocando efectivamente una denegación de servicio (DoS). It was found that with non-clean TCP close, Websocket server gets into infinite loop on every IO thread, effectively causing DoS. • http://rhn.redhat.com/errata/RHSA-2017-1409.html http://www.securityfocus.com/bid/98965 https://access.redhat.com/errata/RHSA-2017:1410 https://access.redhat.com/errata/RHSA-2017:1411 https://access.redhat.com/errata/RHSA-2017:1412 https://access.redhat.com/errata/RHSA-2017:3454 https://access.redhat.com/errata/RHSA-2017:3455 https://access.redhat.com/errata/RHSA-2017:3456 https://access.redhat.com/errata/RHSA-2017:3458 https://bugzilla.redhat.com/show_bug.cgi?id&# • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •

CVSS: 7.8EPSS: 0%CPEs: 31EXPL: 0

CVE-2017-7980 – Qemu: display: cirrus: OOB r/w access issues in bitblt routines

https://notcve.org/view.php?id=CVE-2017-7980

Heap-based buffer overflow in Cirrus CLGD 54xx VGA Emulator in Quick Emulator (Qemu) 2.8 and earlier allows local guest OS users to execute arbitrary code or cause a denial of service (crash) via vectors related to a VNC client updating its display after a VGA operation. Desbordamiento de búfer basado en memoria dinámica (heap) en Cirrus CLGD 54xx VGA Emulator en Quick Emulator (Qemu) en versiones 2.8 y anteriores permite que los usuarios invitados del sistema operativo ejecuten código arbitrario o provoquen una denegación de servicio (DoS) mediante vectores relacionados con un cliente VNC que actualiza su display después de una operación VGA. An out-of-bounds r/w access issue was found in QEMU's Cirrus CLGD 54xx VGA Emulator support. The vulnerability could occur while copying VGA data via various bitblt functions. A privileged user inside a guest could use this flaw to crash the QEMU process or, potentially, execute arbitrary code on the host with privileges of the QEMU process. • http://ubuntu.com/usn/usn-3289-1 http://www.openwall.com/lists/oss-security/2017/04/21/1 http://www.securityfocus.com/bid/102129 http://www.securityfocus.com/bid/97955 https://access.redhat.com/errata/RHSA-2017:0980 https://access.redhat.com/errata/RHSA-2017:0981 https://access.redhat.com/errata/RHSA-2017:0982 https://access.redhat.com/errata/RHSA-2017:0983 https://access.redhat.com/errata/RHSA-2017:0984 https://access.redhat.com/errata/RHSA-2017:0988 https • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •

CVSS: 6.1EPSS: 0%CPEs: 16EXPL: 1

CVE-2017-5466 – Mozilla: Origin confusion when reloading isolated data:text/html URL (MFSA 2017-12)

https://notcve.org/view.php?id=CVE-2017-5466

If a page is loaded from an original site through a hyperlink and contains a redirect to a "data:text/html" URL, triggering a reload will run the reloaded "data:text/html" page with its origin set incorrectly. This allows for a cross-site scripting (XSS) attack. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox < 53. Si se carga una página desde un sitio original mediante un hipervínculo y contiene una redirección a una URL "data:text/html", desencadenar una recarga ejecutará la página "data:text/html" recargada con su origen establecido incorrectamente. Esto permite un ataque de Cross-Site Scripting (XSS). • http://www.securityfocus.com/bid/97940 http://www.securitytracker.com/id/1038320 https://access.redhat.com/errata/RHSA-2017:1106 https://access.redhat.com/errata/RHSA-2017:1201 https://bugzilla.mozilla.org/show_bug.cgi?id=1353975 https://www.mozilla.org/security/advisories/mfsa2017-10 https://www.mozilla.org/security/advisories/mfsa2017-12 https://www.mozilla.org/security/advisories/mfsa2017-13 https://access.redhat.com/security/cve/CVE-2017-5466 https://bugzilla.redhat.com/sho • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0

CVE-2017-3139 – bind: assertion failure in DNSSEC validation

https://notcve.org/view.php?id=CVE-2017-3139

A denial of service flaw was found in the way BIND handled DNSSEC validation. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response. Se encontró un fallo de denegación de servicio en la forma en que BIND maneja la comprobación de DNSSEC. Un atacante remoto podría utilizar este fallo para hacer la salida nombrada inesperadamente con un error de aserción por medio de una respuesta DNS especialmente creada. • https://access.redhat.com/security/cve/cve-2017-3139 https://bugzilla.redhat.com/show_bug.cgi?id=1447743 https://access.redhat.com/security/cve/CVE-2017-3139 • CWE-617: Reachable Assertion •