Page 59 of 426 results (0.011 seconds)

CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0

pkexec, when used with --user nonpriv, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer. pkexec, cuando se utiliza con --user nonpriv, permite a usuarios locales escapar a la sesión principal a través de una llamada ioctl TIOCSTI manipulada, que empuja caracteres al búfer de entrada de la terminal. • http://www.openwall.com/lists/oss-security/2016/02/26/3 https://access.redhat.com/security/cve/cve-2016-2568 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=816062 https://bugzilla.redhat.com/show_bug.cgi?id=1300746 https://ubuntu.com/security/CVE-2016-2568 • CWE-116: Improper Encoding or Escaping of Output •

CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0

A timing attack flaw was found in OpenSSL 1.0.1u and before that could allow a malicious user with local access to recover ECDSA P-256 private keys. Se ha encontrado un error de ataque de sincronización en OpenSSL, en versiones 1.0.1u y anteriores, que podría permitir que un usuario malicioso con acceso local recupere claves privadas ECDSA P-256 A timing attack flaw was found in OpenSSL that could allow a malicious user with local access to recover ECDSA P-256 private keys. • http://rhn.redhat.com/errata/RHSA-2017-1415.html http://www.securityfocus.com/bid/95375 http://www.securitytracker.com/id/1037575 https://access.redhat.com/errata/RHSA-2017:1413 https://access.redhat.com/errata/RHSA-2017:1414 https://access.redhat.com/errata/RHSA-2017:1801 https://access.redhat.com/errata/RHSA-2017:1802 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7056 https://eprint.iacr.org/2016/1195 https://ftp.openbsd.org/pub/OpenBSD/patches/5.9/ • CWE-320: Key Management Errors CWE-385: Covert Timing Channel •

CVSS: 7.5EPSS: 52%CPEs: 87EXPL: 1

A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients. Se ha encontrado un fallo de denegación de servicio en OpenSSL en las versiones 0.9.8, 1.0.1, 1.0.2 hasta la 1.0.2h y la 1.1.0 en la forma en la que el protocolo TLS/SSL definió el procesamiento de paquetes ALERT durante una negociación de conexión. Un atacante remoto podría emplear este fallo para hacer que un servidor TLS/SSL consuma una cantidad excesiva de recursos de CPU y fracase a la hora de aceptar conexiones de otros clientes. A denial of service flaw was found in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. • https://github.com/cujanovic/CVE-2016-8610-PoC http://rhn.redhat.com/errata/RHSA-2017-0286.html http://rhn.redhat.com/errata/RHSA-2017-0574.html http://rhn.redhat.com/errata/RHSA-2017-1415.html http://rhn.redhat.com/errata/RHSA-2017-1659.html http://seclists.org/oss-sec/2016/q4/224 http://www.securityfocus.com/bid/93841 http://www.securitytracker.com/id/1037084 https://access.redhat.com/errata/RHSA-2017:1413 https://access.redhat.com/errata/RHSA-2017:1414 • CWE-400: Uncontrolled Resource Consumption •

CVSS: 9.8EPSS: 0%CPEs: 21EXPL: 0

Use-after-free while manipulating XSL in XSLT documents. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51. Uso de memoria previamente liberada al manipular XSL en documentos XSLT. La vulnerabilidad afecta a Thunderbird en versiones anteriores a la 45.7, Firefox ESR en versiones anteriores a la 45.7 y Firefox en versiones anteriores a la 51. • http://rhn.redhat.com/errata/RHSA-2017-0190.html http://rhn.redhat.com/errata/RHSA-2017-0238.html http://www.securityfocus.com/bid/95758 http://www.securitytracker.com/id/1037693 https://bugzilla.mozilla.org/show_bug.cgi?id=1311687 https://security.gentoo.org/glsa/201702-13 https://security.gentoo.org/glsa/201702-22 https://www.debian.org/security/2017/dsa-3771 https://www.debian.org/security/2017/dsa-3832 https://www.mozilla.org/security/advisories/mfsa2017-01 http • CWE-416: Use After Free •

CVSS: 7.5EPSS: 0%CPEs: 20EXPL: 1

WebExtension scripts can use the "data:" protocol to affect pages loaded by other web extensions using this protocol, leading to potential data disclosure or privilege escalation in affected extensions. This vulnerability affects Firefox ESR < 45.7 and Firefox < 51. Los scripts de WebExtension pueden emplear el protocolo "data:" para afectar a las páginas cargadas por otras extensiones web que empleen este protocolo, lo que conduce a una potencial divulgación de datos o un escalado de privilegios en las extensiones afectadas. La vulnerabilidad afecta a Firefox ESR en versiones anteriores a la 45.7 y Firefox en versiones anteriores a la 51. • http://rhn.redhat.com/errata/RHSA-2017-0190.html http://www.securityfocus.com/bid/95769 http://www.securitytracker.com/id/1037693 https://bugzilla.mozilla.org/show_bug.cgi?id=1319070 https://security.gentoo.org/glsa/201702-22 https://www.debian.org/security/2017/dsa-3771 https://www.mozilla.org/security/advisories/mfsa2017-01 https://www.mozilla.org/security/advisories/mfsa2017-02 https://access.redhat.com/security/cve/CVE-2017-5386 https://bugzilla.redhat.com/show_bug. •