Page 61 of 426 results (0.011 seconds)

CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0

Apache HTTP Server mod_cluster before version httpd 2.4.23 is vulnerable to an Improper Input Validation in the protocol parsing logic in the load balancer resulting in a Segmentation Fault in the serving httpd process. Apache HTTP Server mod_cluster, en versiones anteriores a httpd 2.4.23, es vulnerable a una validación de entradas incorrecta en la lógica de análisis de protocolo en el balanceador de carga, lo que resulta en un fallo de segmentación en el proceso httpd en servicio. An error was found in protocol parsing logic of mod_cluster load balancer Apache HTTP Server modules. An attacker could use this flaw to cause a Segmentation Fault in the serving httpd process. • http://rhn.redhat.com/errata/RHSA-2016-2957.html http://www.securityfocus.com/bid/94939 https://access.redhat.com/errata/RHSA-2017:0193 https://access.redhat.com/errata/RHSA-2017:0194 https://bugzilla.redhat.com/show_bug.cgi?id=1387605 https://security.netapp.com/advisory/ntap-20180601-0005 https://access.redhat.com/security/cve/CVE-2016-8612 • CWE-20: Improper Input Validation •

CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0

An information disclosure vulnerability was found in JBoss Enterprise Application Platform before 7.0.4. It was discovered that when configuring RBAC and marking information as sensitive, users with a Monitor role are able to view the sensitive information. Se ha detectado una vulnerabilidad de divulgación de información en JBoss Enterprise Application Platform en versiones anteriores a la 7.0.4. Se ha descubierto que, al configurar RBAC y marcar información como sensible, los usuarios con rol Monitor pueden visualizar dicha información sensible It was discovered that when configuring RBAC and marking information as sensitive, users with a Monitor role are able to view the sensitive information. • http://rhn.redhat.com/errata/RHSA-2017-0170.html http://rhn.redhat.com/errata/RHSA-2017-0171.html http://rhn.redhat.com/errata/RHSA-2017-0172.html http://rhn.redhat.com/errata/RHSA-2017-0173.html http://rhn.redhat.com/errata/RHSA-2017-0244.html http://rhn.redhat.com/errata/RHSA-2017-0245.html http://rhn.redhat.com/errata/RHSA-2017-0246.html http://rhn.redhat.com/errata/RHSA-2017-0247.html http://rhn.redhat.com/errata/RHSA-2017-0250.html http://www • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.5EPSS: 0%CPEs: 27EXPL: 0

Apache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, was liberal in the whitespace accepted from requests and sent in response lines and headers. Accepting these different behaviors represented a security concern when httpd participates in any chain of proxies or interacts with back-end application servers, either through mod_proxy or using conventional CGI mechanisms, and may result in request smuggling, response splitting and cache pollution. El servidor HTTP Apache, en todas las distribuciones anteriores a la 2.2.32 y la 2.4.25 era liberal en el espacio en blanco aceptado de peticiones y enviado en lineas y cabeceras de respuesta. La aceptación de estos comportamientos diferentes representaba un problema a nivel de seguridad cuando httpd participa en cualquier cadena de proxies o interactúa con servidores de aplicaciones backend, ya sea mediante mod_proxy o utilizando mecanismos CGI convencionales y puede dar lugar al tráfico de peticiones, división de respuestas y contaminación de la caché. It was discovered that the HTTP parser in httpd incorrectly allowed certain characters not permitted by the HTTP protocol specification to appear unencoded in HTTP request headers. • http://rhn.redhat.com/errata/RHSA-2017-1415.html http://www.debian.org/security/2017/dsa-3796 http://www.securityfocus.com/bid/95077 http://www.securitytracker.com/id/1037508 https://access.redhat.com/errata/RHSA-2017:0906 https://access.redhat.com/errata/RHSA-2017:1161 https://access.redhat.com/errata/RHSA-2017:1413 https://access.redhat.com/errata/RHSA-2017:1414 https://access.redhat.com/errata/RHSA-2017:1721 https://h20566.www2.hpe.com/hpsc/doc/public/display • CWE-20: Improper Input Validation •

CVSS: 7.8EPSS: 0%CPEs: 11EXPL: 0

openjpeg: A heap-based buffer overflow flaw was found in the patch for CVE-2013-6045. A crafted j2k image could cause the application to crash, or potentially execute arbitrary code. openjpeg: Se ha descubierto un fallo de desbordamiento de búfer basado en memoria dinámica en el parche para CVE-2013-6045. Una imagen j2k manipulada puede provocar la caída de la aplicación, o potencialmente ejecutar código arbitrario. A vulnerability was found in the patch for CVE-2013-6045 for OpenJPEG. A specially crafted JPEG2000 image, when read by an application using OpenJPEG, could cause heap-based buffer overflows leading to a crash or possible code execution. • http://rhn.redhat.com/errata/RHSA-2017-0559.html http://rhn.redhat.com/errata/RHSA-2017-0838.html http://www.openwall.com/lists/oss-security/2016/11/29/7 http://www.securityfocus.com/bid/94589 https://access.redhat.com/security/cve/CVE-2016-9675 https://bugzilla.redhat.com/show_bug.cgi?id=1382202 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •

CVSS: 9.8EPSS: 0%CPEs: 21EXPL: 1

Use-after-free resulting in potentially exploitable crash when manipulating DOM subtrees in the Editor. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6. Uso de memoria previamente liberada que resulta en un cierre inesperado potencialmente explotable al manipular subárboles DOM en el Editor. La vulnerabilidad afecta a Firefox en versiones anteriores a la 50.1, Firefox ESR en versiones anteriores a la 45.6 y Thunderbird en versiones anteriores a la 45.6. • http://rhn.redhat.com/errata/RHSA-2016-2946.html http://www.securityfocus.com/bid/94885 http://www.securitytracker.com/id/1037461 https://bugzilla.mozilla.org/show_bug.cgi?id=1314442 https://security.gentoo.org/glsa/201701-15 https://www.debian.org/security/2017/dsa-3757 https://www.mozilla.org/security/advisories/mfsa2016-94 https://www.mozilla.org/security/advisories/mfsa2016-95 https://www.mozilla.org/security/advisories/mfsa2016-96 https://access.redhat.com/security/cve&#x • CWE-416: Use After Free •