Page 89 of 588 results (0.012 seconds)

CVSS: 5.5EPSS: 0%CPEs: 22EXPL: 0

popd in bash might allow local users to bypass the restricted shell and cause a use-after-free via a crafted address. popd en bash podrían permitir a usuarios locales eludir el shell restringido y provocar un uso después de liberación de memoria a través de una dirección manipulada. A denial of service flaw was found in the way bash handled popd commands. A poorly written shell script could cause bash to crash resulting in a local denial of service limited to a specific bash session. • http://rhn.redhat.com/errata/RHSA-2017-0725.html http://www.openwall.com/lists/oss-security/2016/11/17/5 http://www.openwall.com/lists/oss-security/2016/11/17/9 http://www.securityfocus.com/bid/94398 https://access.redhat.com/errata/RHSA-2017:1931 https://lists.debian.org/debian-lts-announce/2019/03/msg00028.html https://security.gentoo.org/glsa/201701-02 https://access.redhat.com/security/cve/CVE-2016-9401 https://bugzilla.redhat.com/show_bug.cgi?id=1396383 • CWE-416: Use After Free •

CVSS: 7.5EPSS: 0%CPEs: 27EXPL: 0

Apache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, was liberal in the whitespace accepted from requests and sent in response lines and headers. Accepting these different behaviors represented a security concern when httpd participates in any chain of proxies or interacts with back-end application servers, either through mod_proxy or using conventional CGI mechanisms, and may result in request smuggling, response splitting and cache pollution. El servidor HTTP Apache, en todas las distribuciones anteriores a la 2.2.32 y la 2.4.25 era liberal en el espacio en blanco aceptado de peticiones y enviado en lineas y cabeceras de respuesta. La aceptación de estos comportamientos diferentes representaba un problema a nivel de seguridad cuando httpd participa en cualquier cadena de proxies o interactúa con servidores de aplicaciones backend, ya sea mediante mod_proxy o utilizando mecanismos CGI convencionales y puede dar lugar al tráfico de peticiones, división de respuestas y contaminación de la caché. It was discovered that the HTTP parser in httpd incorrectly allowed certain characters not permitted by the HTTP protocol specification to appear unencoded in HTTP request headers. • http://rhn.redhat.com/errata/RHSA-2017-1415.html http://www.debian.org/security/2017/dsa-3796 http://www.securityfocus.com/bid/95077 http://www.securitytracker.com/id/1037508 https://access.redhat.com/errata/RHSA-2017:0906 https://access.redhat.com/errata/RHSA-2017:1161 https://access.redhat.com/errata/RHSA-2017:1413 https://access.redhat.com/errata/RHSA-2017:1414 https://access.redhat.com/errata/RHSA-2017:1721 https://h20566.www2.hpe.com/hpsc/doc/public/display • CWE-20: Improper Input Validation •

CVSS: 7.5EPSS: 5%CPEs: 92EXPL: 0

NTP before 4.2.8p9 rate limits responses received from the configured sources when rate limiting for all associations is enabled, which allows remote attackers to cause a denial of service (prevent responses from the sources) by sending responses with a spoofed source address. NTP en versiones anteriores a 4.2.8p9 limita la clasificación de respuestas recibidas desde las fuentes configuradas cuando la limitación de clasificación para todas las asociaciones está habilitado, lo que permite a atacantes remotos provocar una denegación de servicio (prevenir las respuestas de las fuentes) enviando respuestas con una dirección de origen suplantada. It was found that when ntp is configured with rate limiting for all associations the limits are also applied to responses received from its configured sources. A remote attacker who knows the sources can cause a denial of service by preventing ntpd from accepting valid responses from its sources. • http://nwtime.org/ntp428p9_release http://rhn.redhat.com/errata/RHSA-2017-0252.html http://support.ntp.org/bin/view/Main/NtpBug3071 http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities http://www.securityfocus.com/bid/94451 http://www.securitytracker.com/id/1037354 https://bto.bluecoat.com/security-advisory/sa139 https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03706en_us https://security.FreeBSD.org/advisories/FreeBSD-SA- • CWE-400: Uncontrolled Resource Consumption •

CVSS: 6.5EPSS: 0%CPEs: 18EXPL: 0

It was found that Samba before versions 4.5.3, 4.4.8, 4.3.13 always requested forwardable tickets when using Kerberos authentication. A service to which Samba authenticated using Kerberos could subsequently use the ticket to impersonate Samba to other services or domain users. Se ha descubierto que Samba, en versiones anteriores a la 4.5.3, 4.4.8 y 4.3.13, siempre solicitaba tickets que podían reenviarse al emplear la autenticación de Kerberos. Un servicio al que Samba se ha autenticado con Kerberos podría emplear el ticket para suplantar Samba con otros usuarios de servicios o dominios. It was found that Samba always requested forwardable tickets when using Kerberos authentication. • http://rhn.redhat.com/errata/RHSA-2017-0494.html http://rhn.redhat.com/errata/RHSA-2017-0495.html http://rhn.redhat.com/errata/RHSA-2017-0662.html http://rhn.redhat.com/errata/RHSA-2017-0744.html http://www.securityfocus.com/bid/94988 http://www.securitytracker.com/id/1037494 https://access.redhat.com/errata/RHSA-2017:1265 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-2125 https://www.samba.org/samba/security/CVE-2016-2125.html https://access.redhat.c • CWE-20: Improper Input Validation CWE-287: Improper Authentication •

CVSS: 7.5EPSS: 0%CPEs: 16EXPL: 1

The Pocket toolbar button, once activated, listens for events fired from it's own pages but does not verify the origin of incoming events. This allows content from other origins to fire events and inject content and commands into the Pocket context. Note: this issue does not affect users with e10s enabled. This vulnerability affects Firefox ESR < 45.6 and Firefox < 50.1. El botón de la barra de herramientas Pocket, una vez se activa, escucha eventos lanzados desde sus propias páginas, pero no verifica el origen de los eventos entrantes. • http://rhn.redhat.com/errata/RHSA-2016-2946.html http://rhn.redhat.com/errata/RHSA-2016-2973.html http://www.securityfocus.com/bid/94885 http://www.securitytracker.com/id/1037461 https://bugzilla.mozilla.org/show_bug.cgi?id=1320039 https://security.gentoo.org/glsa/201701-15 https://www.mozilla.org/security/advisories/mfsa2016-94 https://www.mozilla.org/security/advisories/mfsa2016-95 https://access.redhat.com/security/cve/CVE-2016-9902 https://bugzilla.redhat.com/show_bu • CWE-346: Origin Validation Error •