Page 85 of 872 results (0.016 seconds)

CVSS: 8.8EPSS: 2%CPEs: 8EXPL: 0

CVE-2017-15412 – libxml2: Use after free in xmlXPathCompOpEvalPositionalPredicate() function in xpath.c

https://notcve.org/view.php?id=CVE-2017-15412

Use after free in libxml2 before 2.9.5, as used in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Uso de memoria previamente liberada en libxml2 en versiones anteriores a la 2.9.5, tal y como se emplea en Google Chrome en versiones anteriores a la 63.0.3239.84 y otros productos, permitía que un atacante remoto pudiese explotar una corrupción de memoria dinámica (heap) mediante una página HTML manipulada. A use-after-free flaw was found in the libxml2 library. An attacker could use this flaw to cause an application linked against libxml2 to crash when parsing a specially crafted XML file. • http://www.securitytracker.com/id/1040348 https://access.redhat.com/errata/RHSA-2017:3401 https://access.redhat.com/errata/RHSA-2018:0287 https://bugzilla.gnome.org/show_bug.cgi?id=783160 https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html https://crbug.com/727039 https://lists.debian.org/debian-lts-announce/2017/12/msg00014.html https://security.gentoo.org/glsa/201801-03 https://www.debian.org/security/2018/dsa-4086 https://access.redhat. • CWE-416: Use After Free •

CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0

CVE-2017-15420 – chromium-browser: url spoofing in omnibox

https://notcve.org/view.php?id=CVE-2017-15420

Incorrect handling of back navigations in error pages in Navigation in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. La gestión incorrecta de la navegación hacia atrás en las páginas de error en Navigation en Google Chrome, en versiones anteriores a la 63.0.3239.84, permitía que un atacante remoto suplantase el contenido de Omnibox mediante una página HTML manipulada. • http://www.securitytracker.com/id/1040282 https://access.redhat.com/errata/RHSA-2017:3401 https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html https://crbug.com/777419 https://security.gentoo.org/glsa/201801-03 https://www.debian.org/security/2017/dsa-4064 https://www.debian.org/security/2018/dsa-4103 https://access.redhat.com/security/cve/CVE-2017-15420 https://bugzilla.redhat.com/show_bug.cgi?id=1523135 • CWE-20: Improper Input Validation •

CVSS: 7.5EPSS: 0%CPEs: 22EXPL: 0

CVE-2017-1000410 – kernel: Stack information leak in the EFS element

https://notcve.org/view.php?id=CVE-2017-1000410

The Linux kernel version 3.3-rc1 and later is affected by a vulnerability lies in the processing of incoming L2CAP commands - ConfigRequest, and ConfigResponse messages. This info leak is a result of uninitialized stack variables that may be returned to an attacker in their uninitialized state. By manipulating the code flows that precede the handling of these configuration messages, an attacker can also gain some control over which data will be held in the uninitialized stack variables. This can allow him to bypass KASLR, and stack canaries protection - as both pointers and stack canaries may be leaked in this manner. Combining this vulnerability (for example) with the previously disclosed RCE vulnerability in L2CAP configuration parsing (CVE-2017-1000251) may allow an attacker to exploit the RCE against kernels which were built with the above mitigations. • http://seclists.org/oss-sec/2017/q4/357 http://www.securityfocus.com/bid/102101 https://access.redhat.com/errata/RHSA-2018:0654 https://access.redhat.com/errata/RHSA-2018:0676 https://access.redhat.com/errata/RHSA-2018:1062 https://access.redhat.com/errata/RHSA-2018:1130 https://access.redhat.com/errata/RHSA-2018:1170 https://access.redhat.com/errata/RHSA-2018:1319 https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.5EPSS: 0%CPEs: 14EXPL: 1

CVE-2017-7843 – Mozilla: Web worker in Private Browsing mode can write IndexedDB data

https://notcve.org/view.php?id=CVE-2017-7843

When Private Browsing mode is used, it is possible for a web worker to write persistent data to IndexedDB and fingerprint a user uniquely. IndexedDB should not be available in Private Browsing mode and this stored data will persist across multiple private browsing mode sessions because it is not cleared when exiting. This vulnerability affects Firefox ESR < 52.5.2 and Firefox < 57.0.1. Cuando se utiliza el modo Navegación Privada, es posible que un trabajador web escriba datos persistentes en IndexedDB y realice fingerprinting en un usuario de forma única. IndexedDB no debería estar disponible en modo Navegación Privada y estos datos almacenados persistirán en varias sesiones en modo Navegación Privada porque no se borran al cerrar. • http://www.securityfocus.com/bid/102039 http://www.securityfocus.com/bid/102112 http://www.securitytracker.com/id/1039954 https://access.redhat.com/errata/RHSA-2017:3382 https://bugzilla.mozilla.org/show_bug.cgi?id=1410106 https://lists.debian.org/debian-lts-announce/2017/12/msg00003.html https://www.debian.org/security/2017/dsa-4062 https://www.mozilla.org/security/advisories/mfsa2017-27 https://www.mozilla.org/security/advisories/mfsa2017-28 https://access.redhat.com/securit • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer •

CVSS: 7.5EPSS: 91%CPEs: 15EXPL: 0

CVE-2017-15275 – samba: Server heap-memory disclosure

https://notcve.org/view.php?id=CVE-2017-15275

Samba before 4.7.3 might allow remote attackers to obtain sensitive information by leveraging failure of the server to clear allocated heap memory. Las versiones anteriores a la 4.7.3 de Samba podrían permitir que atacantes remotos obtengan información sensible aprovechando el error del servidor para borrar la memoria dinámica (heap) asignada. A memory disclosure flaw was found in samba. An attacker could retrieve parts of server memory, which could contain potentially sensitive data, by sending specially-crafted requests to the samba server. • http://www.securityfocus.com/bid/101908 http://www.securitytracker.com/id/1039855 http://www.ubuntu.com/usn/USN-3486-1 http://www.ubuntu.com/usn/USN-3486-2 https://access.redhat.com/errata/RHSA-2017:3260 https://access.redhat.com/errata/RHSA-2017:3261 https://access.redhat.com/errata/RHSA-2017:3278 https://lists.debian.org/debian-lts-announce/2017/11/msg00029.html https://security.gentoo.org/glsa/201805-07 https://support.hpe.com/hpsc/doc/public/display?docLoc • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •