Page 58 of 441 results (0.008 seconds)

CVSS: 6.1EPSS: 0%CPEs: 21EXPL: 1

CVE-2017-5408 – Mozilla: Cross-origin reading of video captions in violation of CORS (MFSA 2017-06)

https://notcve.org/view.php?id=CVE-2017-5408

Video files loaded video captions cross-origin without checking for the presence of CORS headers permitting such cross-origin use, leading to potential information disclosure for video captions. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8. Los archivos de vídeo cargaron capturas de vídeo Cross-Origin sin comprobar la presencia de cabeceras CORS que permiten tal uso de Cross-Origin, lo que conduce a una potencial divulgación de información para capturas de vídeo. La vulnerabilidad afecta a Firefox en versiones anteriores a la 52, Firefox ESR en versiones anteriores a la 45.8, Thunderbird en versiones anteriores a la 52 y Thunderbird en versiones anteriores a la 45.8. • http://rhn.redhat.com/errata/RHSA-2017-0459.html http://rhn.redhat.com/errata/RHSA-2017-0461.html http://rhn.redhat.com/errata/RHSA-2017-0498.html http://www.securityfocus.com/bid/96693 http://www.securitytracker.com/id/1037966 https://bugzilla.mozilla.org/show_bug.cgi?id=1313711 https://security.gentoo.org/glsa/201705-06 https://security.gentoo.org/glsa/201705-07 https://www.debian.org/security/2017/dsa-3805 https://www.debian.org/security/2017/dsa-3832 https • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.6EPSS: 0%CPEs: 22EXPL: 1

CVE-2017-5405 – Mozilla: FTP response codes can cause use of uninitialized values for ports (MFSA 2017-06)

https://notcve.org/view.php?id=CVE-2017-5405

Certain response codes in FTP connections can result in the use of uninitialized values for ports in FTP operations. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8. Ciertos códigos de respuesta en las conexiones FTP pueden resultar en el uso de valores no inicializados para los puertos en las operaciones FTP. La vulnerabilidad afecta a Firefox en versiones anteriores a la 52, Firefox ESR en versiones anteriores a la 45.8, Thunderbird en versiones anteriores a la 52 y Thunderbird en versiones anteriores a la 45.8. • http://rhn.redhat.com/errata/RHSA-2017-0459.html http://rhn.redhat.com/errata/RHSA-2017-0461.html http://rhn.redhat.com/errata/RHSA-2017-0498.html http://www.securityfocus.com/bid/96693 http://www.securitytracker.com/id/1037966 https://bugzilla.mozilla.org/show_bug.cgi?id=1336699 https://security.gentoo.org/glsa/201705-06 https://security.gentoo.org/glsa/201705-07 https://www.debian.org/security/2017/dsa-3805 https://www.debian.org/security/2017/dsa-3832 https • CWE-1187: DEPRECATED: Use of Uninitialized Resource •

CVSS: 9.8EPSS: 0%CPEs: 21EXPL: 0

CVE-2017-5402 – Mozilla: Use-after-free working with events in FontFace objects (MFSA 2017-06)

https://notcve.org/view.php?id=CVE-2017-5402

A use-after-free can occur when events are fired for a "FontFace" object after the object has been already been destroyed while working with fonts. This results in a potentially exploitable crash. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8. Puede ocurrir un uso de memoria previamente liberada cuando se lanzan eventos para un objeto "FontFace" una vez el objeto ha sido ya destruido mientras se trabaja con fuentes. Esto resulta en un cierre inesperado potencialmente explotable. • http://rhn.redhat.com/errata/RHSA-2017-0459.html http://rhn.redhat.com/errata/RHSA-2017-0461.html http://rhn.redhat.com/errata/RHSA-2017-0498.html http://www.securityfocus.com/bid/96664 http://www.securitytracker.com/id/1037966 https://bugzilla.mozilla.org/show_bug.cgi?id=1334876 https://security.gentoo.org/glsa/201705-06 https://security.gentoo.org/glsa/201705-07 https://www.debian.org/security/2017/dsa-3805 https://www.debian.org/security/2017/dsa-3832 https • CWE-416: Use After Free •

CVSS: 8.8EPSS: 0%CPEs: 8EXPL: 1

CVE-2016-5314

https://notcve.org/view.php?id=CVE-2016-5314

Buffer overflow in the PixarLogDecode function in tif_pixarlog.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by overwriting the vgetparent function pointer with rgb2ycbcr. Desbordamiento de búfer en la función PixarLogDecode en tif_pixarlog.c en LibTIFF, en versiones 4.0.6 y anteriores, permite que atacantes remotos provoquen una denegación de servicio (cierre inesperado de la aplicación) u otro tipo de impacto sin especificar mediante una imagen TIFF manipulada. Esto se demuestra sobrescribiendo el puntero de función vgetparent con rgb2ycbcr. • http://bugzilla.maptools.org/show_bug.cgi?id=2554 http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00017.html http://lists.opensuse.org/opensuse-updates/2016-07/msg00087.html http://lists.opensuse.org/opensuse-updates/2016-09/msg00060.html http://lists.opensuse.org/opensuse-updates/2016-09/msg00090.html http://www.openwall.com/lists/oss-security/2016/06/15/1 http://www.openwall.com/lists/oss-security/2016/06/15/9 http://www.openwall.com/lists/oss-security/2 • CWE-787: Out-of-bounds Write •

CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0

CVE-2016-2568

https://notcve.org/view.php?id=CVE-2016-2568

pkexec, when used with --user nonpriv, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer. pkexec, cuando se utiliza con --user nonpriv, permite a usuarios locales escapar a la sesión principal a través de una llamada ioctl TIOCSTI manipulada, que empuja caracteres al búfer de entrada de la terminal. • http://www.openwall.com/lists/oss-security/2016/02/26/3 https://access.redhat.com/security/cve/cve-2016-2568 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=816062 https://bugzilla.redhat.com/show_bug.cgi?id=1300746 https://ubuntu.com/security/CVE-2016-2568 • CWE-116: Improper Encoding or Escaping of Output •