Page 6 of 147 results (0.004 seconds)

CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0

03 Feb 2017 — The git_commit_message function in oid.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a cat-file command with a crafted object file. La función git_commit_message en oid.c en libgit2 en versiones anteriores a 0.24.3 permite a atacantes remotos provocar una denegación de servicio (lectura fuera de límites) a través de un comando cat-file con un archivo de objeto manipulado. • http://lists.opensuse.org/opensuse-updates/2016-12/msg00075.html • CWE-125: Out-of-bounds Read •

CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0

03 Feb 2017 — The git_oid_nfmt function in commit.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a cat-file command with a crafted object file. La función git_oid_nfmt en commit.c en libgit2 en versiones anteriores a 0.24.3 permite a atacantes remotos provocar una denegación de servicio (referencia a puntero NULL) a través de un comando cat-file con un archivo de objeto manipulado. • http://lists.opensuse.org/opensuse-updates/2016-12/msg00075.html • CWE-476: NULL Pointer Dereference •

CVSS: 5.5EPSS: 0%CPEs: 15EXPL: 0

21 Nov 2016 — The ReadRLEImage function in coders/rle.c in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image file. La función ReadRLEImage en coders/rle.c en ImageMagick 6.8.9.9 permite a atacantes remotos provocar una denegación de servicio (lectura fuera de límites) a través de un archivo de imagen manipulado. It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked i... • http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00000.html • CWE-125: Out-of-bounds Read •

CVSS: 5.5EPSS: 0%CPEs: 16EXPL: 0

21 Nov 2016 — The ReadDIBImage function in coders/dib.c in ImageMagick allows remote attackers to cause a denial of service (crash) via a corrupted dib file. La función ReadDIBImage en coders/dib.c en ImageMagick permite a atacantes provocar una denegación de servicio (caída) a través de un archivo dib corrompido. It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could explo... • http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00000.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0

12 Oct 2016 — Through a malicious URL that contained a quote character it was possible to inject HTML code in KMail's plaintext viewer. Due to the parser used on the URL it was not possible to include the equal sign (=) or a space into the injected HTML, which greatly reduces the available HTML functionality. Although it is possible to include an HTML comment indicator to hide content. A través de una URL maliciosa que contenía un caracter de comillas era posible inyectar código HTML en el visor de texto plano de KMail. ... • http://lists.opensuse.org/opensuse-updates/2016-10/msg00065.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 6.1EPSS: 0%CPEs: 98EXPL: 0

10 Oct 2016 — CRLF injection vulnerability in the ServerResponse#writeHead function in Node.js 0.10.x before 0.10.47, 0.12.x before 0.12.16, 4.x before 4.6.0, and 6.x before 6.7.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the reason argument. Vulnerabilidad de inyección CRLF en la función ServerResponse#writeHead en Node.js 0.10.x en versiones anteriores a 0.10.47, 0.12.x en versiones anteriores a 0.12.16, 4.x en versiones anteriores a 4.6.0 y 6.x en versione... • http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html • CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') •

CVSS: 7.4EPSS: 0%CPEs: 98EXPL: 0

10 Oct 2016 — The tls.checkServerIdentity function in Node.js 0.10.x before 0.10.47, 0.12.x before 0.12.16, 4.x before 4.6.0, and 6.x before 6.7.0 does not properly handle wildcards in name fields of X.509 certificates, which allows man-in-the-middle attackers to spoof servers via a crafted certificate. La función tls.checkServerIdentity en Node.js 0.10.x en versiones anteriores a 0.10.47, 0.12.x en versiones anteriores a 0.12.16, 4.x en versiones anteriores a 4.6.0 y 6.x en versiones anteriores a 6.7.0 no maneja adecuad... • http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html • CWE-19: Data Processing Errors •

CVSS: 8.8EPSS: 4%CPEs: 17EXPL: 0

23 Jul 2016 — Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function. Vulnerabilidad de uso después de liberación de memoria en libxml2 hasta la versión 2.9.4, como se utiliza en Google Chrome en versiones anteriores a 52.0.2743.82, permite a atacantes remotos provocar una denegación de servicio o posiblemente tener otro impacto ... • http://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html • CWE-416: Use After Free •

CVSS: 5.5EPSS: 0%CPEs: 45EXPL: 0

20 Jun 2016 — The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly ensure the use of constant-time operations, which makes it easier for local users to discover a DSA private key via a timing side-channel attack. La función dsa_sign_setup en crypto/dsa/dsa_ossl.c en OpenSSL hasta la versión 1.0.2h no asegura correctamente la utilización de operaciones de tiempo constante, lo que facilita a usuarios locales descubrir una clave privada DSA a través de un ataque de sincronización ... • http://eprint.iacr.org/2016/594.pdf • CWE-203: Observable Discrepancy CWE-385: Covert Timing Channel •

CVSS: 8.8EPSS: 0%CPEs: 8EXPL: 0

02 Jun 2016 — The extensions subsystem in Google Chrome before 51.0.2704.79 does not properly restrict bindings access, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors. El subsistema de extensiones en Google Chrome en versiones anteriores a 51.0.2704.79 no restringe adecuadamente accesos vinculantes, lo que permite a atacantes remotos eleduir la Same Origin Policy a través de vectores no especificados. Chromium is an open-source web browser, powered by WebKit. This update upgrades C... • http://googlechromereleases.blogspot.com/2016/06/stable-channel-update.html • CWE-254: 7PK - Security Features CWE-284: Improper Access Control •