Page 62 of 547 results (0.010 seconds)

CVSS: 7.5EPSS: 0%CPEs: 27EXPL: 0

Apache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, was liberal in the whitespace accepted from requests and sent in response lines and headers. Accepting these different behaviors represented a security concern when httpd participates in any chain of proxies or interacts with back-end application servers, either through mod_proxy or using conventional CGI mechanisms, and may result in request smuggling, response splitting and cache pollution. El servidor HTTP Apache, en todas las distribuciones anteriores a la 2.2.32 y la 2.4.25 era liberal en el espacio en blanco aceptado de peticiones y enviado en lineas y cabeceras de respuesta. La aceptación de estos comportamientos diferentes representaba un problema a nivel de seguridad cuando httpd participa en cualquier cadena de proxies o interactúa con servidores de aplicaciones backend, ya sea mediante mod_proxy o utilizando mecanismos CGI convencionales y puede dar lugar al tráfico de peticiones, división de respuestas y contaminación de la caché. It was discovered that the HTTP parser in httpd incorrectly allowed certain characters not permitted by the HTTP protocol specification to appear unencoded in HTTP request headers. • http://rhn.redhat.com/errata/RHSA-2017-1415.html http://www.debian.org/security/2017/dsa-3796 http://www.securityfocus.com/bid/95077 http://www.securitytracker.com/id/1037508 https://access.redhat.com/errata/RHSA-2017:0906 https://access.redhat.com/errata/RHSA-2017:1161 https://access.redhat.com/errata/RHSA-2017:1413 https://access.redhat.com/errata/RHSA-2017:1414 https://access.redhat.com/errata/RHSA-2017:1721 https://h20566.www2.hpe.com/hpsc/doc/public/display • CWE-20: Improper Input Validation •

CVSS: 7.8EPSS: 0%CPEs: 11EXPL: 0

openjpeg: A heap-based buffer overflow flaw was found in the patch for CVE-2013-6045. A crafted j2k image could cause the application to crash, or potentially execute arbitrary code. openjpeg: Se ha descubierto un fallo de desbordamiento de búfer basado en memoria dinámica en el parche para CVE-2013-6045. Una imagen j2k manipulada puede provocar la caída de la aplicación, o potencialmente ejecutar código arbitrario. A vulnerability was found in the patch for CVE-2013-6045 for OpenJPEG. A specially crafted JPEG2000 image, when read by an application using OpenJPEG, could cause heap-based buffer overflows leading to a crash or possible code execution. • http://rhn.redhat.com/errata/RHSA-2017-0559.html http://rhn.redhat.com/errata/RHSA-2017-0838.html http://www.openwall.com/lists/oss-security/2016/11/29/7 http://www.securityfocus.com/bid/94589 https://access.redhat.com/security/cve/CVE-2016-9675 https://bugzilla.redhat.com/show_bug.cgi?id=1382202 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •

CVSS: 9.8EPSS: 0%CPEs: 21EXPL: 1

Use-after-free resulting in potentially exploitable crash when manipulating DOM subtrees in the Editor. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6. Uso de memoria previamente liberada que resulta en un cierre inesperado potencialmente explotable al manipular subárboles DOM en el Editor. La vulnerabilidad afecta a Firefox en versiones anteriores a la 50.1, Firefox ESR en versiones anteriores a la 45.6 y Thunderbird en versiones anteriores a la 45.6. • http://rhn.redhat.com/errata/RHSA-2016-2946.html http://www.securityfocus.com/bid/94885 http://www.securitytracker.com/id/1037461 https://bugzilla.mozilla.org/show_bug.cgi?id=1314442 https://security.gentoo.org/glsa/201701-15 https://www.debian.org/security/2017/dsa-3757 https://www.mozilla.org/security/advisories/mfsa2016-94 https://www.mozilla.org/security/advisories/mfsa2016-95 https://www.mozilla.org/security/advisories/mfsa2016-96 https://access.redhat.com/security/cve&#x • CWE-416: Use After Free •

CVSS: 7.5EPSS: 0%CPEs: 21EXPL: 1

External resources that should be blocked when loaded by SVG images can bypass security restrictions through the use of "data:" URLs. This could allow for cross-domain data leakage. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6. Los recursos externos que deberían estar bloqueados al ser cargados por imágenes SVG pueden omitir restricciones de seguridad mediante el uso de URL "data:". Esto podría permitir el filtrado de datos Cross-Domain. • http://rhn.redhat.com/errata/RHSA-2016-2946.html http://rhn.redhat.com/errata/RHSA-2016-2973.html http://www.securityfocus.com/bid/94885 http://www.securitytracker.com/id/1037461 https://bugzilla.mozilla.org/show_bug.cgi?id=1319122 https://security.gentoo.org/glsa/201701-15 https://www.debian.org/security/2017/dsa-3757 https://www.mozilla.org/security/advisories/mfsa2016-94 https://www.mozilla.org/security/advisories/mfsa2016-95 https://www.mozilla.org/security/advisories&# • CWE-254: 7PK - Security Features •

CVSS: 9.8EPSS: 0%CPEs: 21EXPL: 0

Memory safety bugs were reported in Thunderbird 45.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6. Se han reportado errores de seguridad de memoria en Thunderbird 45.5. Algunos de estos errores mostraron evidencias de corrupción de memoria y se entiende que, con el suficiente esfuerzo, algunos de estos podrían explotarse para ejecutar código arbitrario. • http://rhn.redhat.com/errata/RHSA-2016-2946.html http://rhn.redhat.com/errata/RHSA-2016-2973.html http://www.securityfocus.com/bid/94885 http://www.securitytracker.com/id/1037461 https://bugzilla.mozilla.org/buglist.cgi?bug_id=1319524%2C1298773%2C1299098%2C1309834%2C1312609%2C1313212%2C1317805%2C1312548%2C1315631%2C1287912 https://security.gentoo.org/glsa/201701-15 https://www.debian.org/security/2017/dsa-3757 https://www.mozilla.org/security/advisories/mfsa2016-94 https://www.mozilla.org • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •