Page 75 of 1833 results (0.017 seconds)

CVSS: 6.1EPSS: 0%CPEs: 29EXPL: 0

CVE-2018-18506 – Mozilla: Proxy Auto-Configuration file can define localhost access to be proxied

https://notcve.org/view.php?id=CVE-2018-18506

When proxy auto-detection is enabled, if a web server serves a Proxy Auto-Configuration (PAC) file or if a PAC file is loaded locally, this PAC file can specify that requests to the localhost are to be sent through the proxy to another server. This behavior is disallowed by default when a proxy is manually configured, but when enabled could allow for attacks on services and tools that bind to the localhost for networked behavior if they are accessed through browsing. This vulnerability affects Firefox < 65. Cuando la autodetección del proxy está habilitada, si un servidor web proporciona un archivo de autoconfiguración de proxy (PAC) o si dicho archivo se carga localmente, este último puede especificar peticiones al host local que están destinadas a enviarse a través del proxy hacia otro servidor. Este comportamiento está prohibido por defecto cuando un proxy se configura manualmente. • http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00035.html http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00043.html http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00023.html http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00043.html http://www.securityfocus.com/bid/106773 https://access.redhat.com/errata/RHSA-2019:0622 https://access.redhat.com/errata/RHSA-2019:0623 https://access.redhat.com/errata/RHSA-2019:0680 https:/ • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0

CVE-2018-11790

https://notcve.org/view.php?id=CVE-2018-11790

When loading a document with Apache Open Office 4.1.5 and earlier with smaller end line termination than the operating system uses, the defect occurs. In this case OpenOffice runs into an Arithmetic Overflow at a string length calculation. Al cargar un documento con Apache Open Office, en versiones 4.1.5 y anteriores, con una terminación de final de línea más pequeña que las que emplea el sistema operativo, ocurre este defecto. En este caso, OpenOffice sufre un desbordamiento de aritmética en un cálculo de longitud de cadena. • http://www.securityfocus.com/bid/106803 https://lists.apache.org/thread.html/7394e6b5f78a878bd0c44e9bc9adf90b8cdf49e9adc0f287145aba9b%40%3Ccommits.openoffice.apache.org%3E https://usn.ubuntu.com/3883-1 https://www.openoffice.org/security/cves/CVE-2018-11790.html • CWE-682: Incorrect Calculation •

CVSS: 9.8EPSS: 0%CPEs: 19EXPL: 1

CVE-2018-20748

https://notcve.org/view.php?id=CVE-2018-20748

LibVNC before 0.9.12 contains multiple heap out-of-bounds write vulnerabilities in libvncclient/rfbproto.c. The fix for CVE-2018-20019 was incomplete. LibVNC, en versiones anteriores a la 0.9.12, contiene múltiples vulnerabilidades de escritura fuera de límites en la memoria dinámica (heap) en libvncclient/rfbproto.c. La solución para CVE-2018-20019 era incompleta. • https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf https://github.com/LibVNC/libvncserver/commit/a64c3b37af9a6c8f8009d7516874b8d266b42bae https://github.com/LibVNC/libvncserver/commit/c2c4b81e6cb3b485fb1ec7ba9e7defeb889f6ba7 https://github.com/LibVNC/libvncserver/commit/c5ba3fee85a7ecbbca1df5ffd46d32b92757bc2a https://github.com/LibVNC/libvncserver/commit/e34bcbb759ca5bef85809967a268fdf214c1ad2c https://github.com/LibVNC/libvncserver/issues/273 https://lists.debian.org/debian-lts-announce/2019/01/msg00029.html https://lists.debian.org/ • CWE-787: Out-of-bounds Write •

CVSS: 9.8EPSS: 0%CPEs: 20EXPL: 1

CVE-2018-20749

https://notcve.org/view.php?id=CVE-2018-20749

LibVNC before 0.9.12 contains a heap out-of-bounds write vulnerability in libvncserver/rfbserver.c. The fix for CVE-2018-15127 was incomplete. LibVNC, en versiones anteriores a la 0.9.12, contiene una vulnerabilidad de escritura fuera de límites en la memoria dinámica (heap) en libvncserver/rfbserver.c. La solución para CVE-2018-15127 era incompleta. • http://www.securityfocus.com/bid/106825 https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf https://github.com/LibVNC/libvncserver/commit/15bb719c03cc70f14c36a843dcb16ed69b405707 https://github.com/LibVNC/libvncserver/issues/273 https://lists.debian.org/debian-lts-announce/2019/01/msg00029.html https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html https://usn.ubuntu.com/3877-1 https://usn.ubuntu.com/4547-1 https://usn.ubuntu.com/4587-1 https://www.openwall. • CWE-787: Out-of-bounds Write •

CVSS: 9.8EPSS: 0%CPEs: 20EXPL: 1

CVE-2018-20750

https://notcve.org/view.php?id=CVE-2018-20750

LibVNC through 0.9.12 contains a heap out-of-bounds write vulnerability in libvncserver/rfbserver.c. The fix for CVE-2018-15127 was incomplete. LibVNC, hasta la versión 0.9.12, contiene una vulnerabilidad de escritura fuera de límites en la memoria dinámica (heap) en libvncserver/rfbserver.c. La solución para CVE-2018-15127 era incompleta. • http://www.securityfocus.com/bid/106825 https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf https://github.com/LibVNC/libvncserver/commit/09e8fc02f59f16e2583b34fe1a270c238bd9ffec https://github.com/LibVNC/libvncserver/issues/273 https://lists.debian.org/debian-lts-announce/2019/01/msg00029.html https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html https://usn.ubuntu.com/3877-1 https://usn.ubuntu.com/4547-1 https://usn.ubuntu.com/4587-1 https://www.openwall. • CWE-787: Out-of-bounds Write •