Page 81 of 643 results (0.014 seconds)

CVSS: 5.5EPSS: 1%CPEs: 14EXPL: 0

libical 1.0 allows remote attackers to cause a denial of service (use-after-free) via a crafted ics file. libical 1.0 permite a atacantes remotos provocar una denegación de servicio (uso después de liberación de memoria) a través de un archivo ics manipulado. • http://www.openwall.com/lists/oss-security/2016/06/25/4 http://www.openwall.com/lists/oss-security/2017/01/20/16 http://www.securityfocus.com/bid/91459 https://access.redhat.com/errata/RHSA-2019:0269 https://access.redhat.com/errata/RHSA-2019:0270 https://bugzilla.mozilla.org/show_bug.cgi?id=1275400 https://github.com/libical/libical/issues/235 https://github.com/libical/libical/issues/251 https://github.com/libical/libical/issues/286 https://security.gentoo • CWE-416: Use After Free •

CVSS: 9.8EPSS: 0%CPEs: 13EXPL: 0

Memory safety bugs were reported in Firefox 50.1 and Firefox ESR 45.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51. Se han reportado errores de seguridad de memoria en Firefox 50.1 y Firefox ESR 45.6. Algunos de estos errores mostraron evidencias de corrupción de memoria y se entiende que, con el suficiente esfuerzo, algunos de estos podrían explotarse para ejecutar código arbitrario. • http://rhn.redhat.com/errata/RHSA-2017-0190.html http://rhn.redhat.com/errata/RHSA-2017-0238.html http://www.securityfocus.com/bid/95762 http://www.securitytracker.com/id/1037693 https://bugzilla.mozilla.org/buglist.cgi?bug_id=1322315%2C1328834%2C1322420%2C1285833%2C1285960%2C1328251%2C1331058%2C1325938%2C1325877 https://security.gentoo.org/glsa/201702-13 https://security.gentoo.org/glsa/201702-22 https://www.debian.org/security/2017/dsa-3771 https://www.debian.org/security/2017/dsa- • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 9.8EPSS: 0%CPEs: 21EXPL: 0

Use-after-free while manipulating XSL in XSLT documents. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51. Uso de memoria previamente liberada al manipular XSL en documentos XSLT. La vulnerabilidad afecta a Thunderbird en versiones anteriores a la 45.7, Firefox ESR en versiones anteriores a la 45.7 y Firefox en versiones anteriores a la 51. • http://rhn.redhat.com/errata/RHSA-2017-0190.html http://rhn.redhat.com/errata/RHSA-2017-0238.html http://www.securityfocus.com/bid/95758 http://www.securitytracker.com/id/1037693 https://bugzilla.mozilla.org/show_bug.cgi?id=1311687 https://security.gentoo.org/glsa/201702-13 https://security.gentoo.org/glsa/201702-22 https://www.debian.org/security/2017/dsa-3771 https://www.debian.org/security/2017/dsa-3832 https://www.mozilla.org/security/advisories/mfsa2017-01 http • CWE-416: Use After Free •

CVSS: 7.5EPSS: 0%CPEs: 20EXPL: 1

WebExtension scripts can use the "data:" protocol to affect pages loaded by other web extensions using this protocol, leading to potential data disclosure or privilege escalation in affected extensions. This vulnerability affects Firefox ESR < 45.7 and Firefox < 51. Los scripts de WebExtension pueden emplear el protocolo "data:" para afectar a las páginas cargadas por otras extensiones web que empleen este protocolo, lo que conduce a una potencial divulgación de datos o un escalado de privilegios en las extensiones afectadas. La vulnerabilidad afecta a Firefox ESR en versiones anteriores a la 45.7 y Firefox en versiones anteriores a la 51. • http://rhn.redhat.com/errata/RHSA-2017-0190.html http://www.securityfocus.com/bid/95769 http://www.securitytracker.com/id/1037693 https://bugzilla.mozilla.org/show_bug.cgi?id=1319070 https://security.gentoo.org/glsa/201702-22 https://www.debian.org/security/2017/dsa-3771 https://www.mozilla.org/security/advisories/mfsa2017-01 https://www.mozilla.org/security/advisories/mfsa2017-02 https://access.redhat.com/security/cve/CVE-2017-5386 https://bugzilla.redhat.com/show_bug. •

CVSS: 9.8EPSS: 92%CPEs: 13EXPL: 3

JIT code allocation can allow for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51. La asignación de código JIT puede permitir la omisión de las protecciones ASLR y DEP, lo que conduce a ataques de corrupción de memoria. La vulnerabilidad afecta a Thunderbird en versiones anteriores a la 45.7, Firefox ESR en versiones anteriores a la 45.7 y Firefox en versiones anteriores a la 51. • https://www.exploit-db.com/exploits/44294 https://www.exploit-db.com/exploits/42327 https://www.exploit-db.com/exploits/44293 http://rhn.redhat.com/errata/RHSA-2017-0190.html http://rhn.redhat.com/errata/RHSA-2017-0238.html http://www.securityfocus.com/bid/95757 http://www.securitytracker.com/id/1037693 https://bugzilla.mozilla.org/show_bug.cgi?id=1325200 https://security.gentoo.org/glsa/201702-13 https://security.gentoo.org/glsa/201702-22 https://www.debian. • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •