Page 57 of 441 results (0.013 seconds)

CVSS: 7.8EPSS: 0%CPEs: 12EXPL: 0

CVE-2016-8657 – jboss: jbossas writable config files allow privilege escalation

https://notcve.org/view.php?id=CVE-2016-8657

It was discovered that EAP packages in certain versions of Red Hat Enterprise Linux use incorrect permissions for /etc/sysconfig/jbossas configuration files. The file is writable to jboss group (root:jboss, 664). On systems using classic /etc/init.d init scripts (i.e. on Red Hat Enterprise Linux 6 and earlier), the file is sourced by the jboss init script and its content executed with root privileges when jboss service is started, stopped, or restarted. Se ha descubierto que los paquetes EAP en ciertas versiones de Red Hat Enterprise Linux emplean permisos incorrectos para los archivo de configuración /etc/sysconfig/jbossas. El archivo puede escribirse en el grupo jboss (root:jboss, 664). • http://rhn.redhat.com/errata/RHSA-2017-0826.html http://rhn.redhat.com/errata/RHSA-2017-0827.html http://rhn.redhat.com/errata/RHSA-2017-0828.html http://rhn.redhat.com/errata/RHSA-2017-0829.html http://www.securityfocus.com/bid/96896 https://access.redhat.com/errata/RHSA-2018:1609 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8657 https://access.redhat.com/security/cve/CVE-2016-8657 https://bugzilla.redhat.com/show_bug.cgi?id=1400343 • CWE-264: Permissions, Privileges, and Access Controls CWE-732: Incorrect Permission Assignment for Critical Resource •

CVSS: 9.8EPSS: 1%CPEs: 21EXPL: 1

CVE-2017-5401 – Mozilla: Memory Corruption when handling ErrorResult (MFSA 2017-06)

https://notcve.org/view.php?id=CVE-2017-5401

A crash triggerable by web content in which an "ErrorResult" references unassigned memory due to a logic error. The resulting crash may be exploitable. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8. Un cierre inesperado desencadenable mediante contenido web en el que un "ErrorResult" referencia memoria no asignada debido a un error de lógica. El cierre inesperado resultante podría ser explotado. • http://rhn.redhat.com/errata/RHSA-2017-0459.html http://rhn.redhat.com/errata/RHSA-2017-0461.html http://rhn.redhat.com/errata/RHSA-2017-0498.html http://www.securityfocus.com/bid/96677 http://www.securitytracker.com/id/1037966 https://bugzilla.mozilla.org/show_bug.cgi?id=1328861 https://security.gentoo.org/glsa/201705-06 https://security.gentoo.org/glsa/201705-07 https://www.debian.org/security/2017/dsa-3805 https://www.debian.org/security/2017/dsa-3832 https • CWE-388: 7PK - Errors •

CVSS: 6.5EPSS: 0%CPEs: 22EXPL: 1

CVE-2017-5407 – Mozilla: Pixel and history stealing via floating-point timing side channel with SVG filters (MFSA 2017-06)

https://notcve.org/view.php?id=CVE-2017-5407

Using SVG filters that don't use the fixed point math implementation on a target iframe, a malicious page can extract pixel values from a targeted user. This can be used to extract history information and read text values across domains. This violates same-origin policy and leads to information disclosure. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8. Mediante el uso de filtros SVG que no emplean la implementación de matemática de punto fijo en un iframe objetivo, una página maliciosa puede extraer valores de píxeles de un usuario objetivo. • http://rhn.redhat.com/errata/RHSA-2017-0459.html http://rhn.redhat.com/errata/RHSA-2017-0461.html http://rhn.redhat.com/errata/RHSA-2017-0498.html http://www.securityfocus.com/bid/96693 http://www.securitytracker.com/id/1037966 https://bugzilla.mozilla.org/show_bug.cgi?id=1336622 https://security.gentoo.org/glsa/201705-06 https://security.gentoo.org/glsa/201705-07 https://www.debian.org/security/2017/dsa-3805 https://www.debian.org/security/2017/dsa-3832 https • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 9.8EPSS: 0%CPEs: 21EXPL: 1

CVE-2017-5410 – Mozilla: Memory corruption during JavaScript garbage collection incremental sweeping (MFSA 2017-06)

https://notcve.org/view.php?id=CVE-2017-5410

Memory corruption resulting in a potentially exploitable crash during garbage collection of JavaScript due errors in how incremental sweeping is managed for memory cleanup. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8. Corrupción de memoria que resulta en un cierre inesperado potencialmente explotable durante la recolección de elementos JavaScript no utilizados debido a errores en la forma en la que se gestiona el rastreo incremental para la limpieza de memoria. La vulnerabilidad afecta a Firefox en versiones anteriores a la 52, Firefox ESR en versiones anteriores a la 45.8, Thunderbird en versiones anteriores a la 52 y Thunderbird en versiones anteriores a la 45.8. • http://rhn.redhat.com/errata/RHSA-2017-0459.html http://rhn.redhat.com/errata/RHSA-2017-0461.html http://rhn.redhat.com/errata/RHSA-2017-0498.html http://www.securityfocus.com/bid/96693 http://www.securitytracker.com/id/1037966 https://bugzilla.mozilla.org/show_bug.cgi?id=1330687 https://security.gentoo.org/glsa/201705-06 https://security.gentoo.org/glsa/201705-07 https://www.debian.org/security/2017/dsa-3805 https://www.debian.org/security/2017/dsa-3832 https • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 9.8EPSS: 91%CPEs: 21EXPL: 2

CVE-2017-5404 – Mozilla Firefox - 'table' Use-After-Free

https://notcve.org/view.php?id=CVE-2017-5404

A use-after-free error can occur when manipulating ranges in selections with one node inside a native anonymous tree and one node outside of it. This results in a potentially exploitable crash. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8. Puede ocurrir un uso de memoria previamente liberada cuando se manipulan rangos en selecciones con un nodo en un árbol nativo anónimo y un nodo fuera de él. Esto resulta en un cierre inesperado potencialmente explotable. • https://www.exploit-db.com/exploits/41660 http://rhn.redhat.com/errata/RHSA-2017-0459.html http://rhn.redhat.com/errata/RHSA-2017-0461.html http://rhn.redhat.com/errata/RHSA-2017-0498.html http://www.securityfocus.com/bid/96664 http://www.securitytracker.com/id/1037966 https://bugzilla.mozilla.org/show_bug.cgi?id=1340138 https://security.gentoo.org/glsa/201705-06 https://security.gentoo.org/glsa/201705-07 https://www.debian.org/security/2017/dsa-3805 https:/& • CWE-416: Use After Free •