Page 9 of 50 results (0.022 seconds)

CVSS: 7.5EPSS: 0%CPEs: 17EXPL: 0

CVE-2017-9735

https://notcve.org/view.php?id=CVE-2017-9735

Jetty through 9.4.x is prone to a timing channel in util/security/Password.java, which makes it easier for remote attackers to obtain access by observing elapsed times before rejection of incorrect passwords. Jetty hasta la versión 9.4.x es propenso a una sincronización de canal en util/security/Password.java, lo que facilita que atacantes remotos obtengan acceso observando el tiempo transcurrido antes de rechazar contraseñas incorrectas. SR 760 Feeder Protection Relay, en versiones de firmware anteriores a la 7.47; SR 469 Motor Protection Relay, en versiones de firmware anteriores a la 5.23; SR 489 Generator Protection Relay, en versiones de firmware anteriores a la 4.06; SR 745 Transformer Protection Relay, en versiones de firmware anteriores a la 5.23; SR 369 Motor Protection Relay, en todas las versiones de firmware; Multilin Universal Relay, en versiones de firmware 6.0 y anteriores; y Multilin URplus (D90, C90, B95), en todas las versiones. Las versiones en texto cifrado de contraseñas de usuario fueron creadas con un vector de inicialización no aleatorio, dejándolas expuestas a ataques de diccionario. El texto cifrado de las contraseñas de usuario se pueden obtener del panel LCD de los productos afectados y a través de los comandos Modbus enviados. • http://www.securityfocus.com/bid/99104 https://bugs.debian.org/864631 https://github.com/eclipse/jetty.project/issues/1556 https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272%40%3Cissues.activemq.apache.org%3E https://lists.apache.org/thread.html/36870f6c51f5bc25e6f7bb1fcace0e57e81f1524019b11f466738559%40%3Ccommon-dev.hadoop.apache.org%3E https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E https://lists.apache.org/thread.html/f887a5978f5e • CWE-203: Observable Discrepancy •

CVSS: 7.5EPSS: 52%CPEs: 87EXPL: 1

CVE-2016-8610 – SSL/TLS: Malformed plain-text ALERT packets could cause remote DoS

https://notcve.org/view.php?id=CVE-2016-8610

A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients. Se ha encontrado un fallo de denegación de servicio en OpenSSL en las versiones 0.9.8, 1.0.1, 1.0.2 hasta la 1.0.2h y la 1.1.0 en la forma en la que el protocolo TLS/SSL definió el procesamiento de paquetes ALERT durante una negociación de conexión. Un atacante remoto podría emplear este fallo para hacer que un servidor TLS/SSL consuma una cantidad excesiva de recursos de CPU y fracase a la hora de aceptar conexiones de otros clientes. A denial of service flaw was found in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. • https://github.com/cujanovic/CVE-2016-8610-PoC http://rhn.redhat.com/errata/RHSA-2017-0286.html http://rhn.redhat.com/errata/RHSA-2017-0574.html http://rhn.redhat.com/errata/RHSA-2017-1415.html http://rhn.redhat.com/errata/RHSA-2017-1659.html http://seclists.org/oss-sec/2016/q4/224 http://www.securityfocus.com/bid/93841 http://www.securitytracker.com/id/1037084 https://access.redhat.com/errata/RHSA-2017:1413 https://access.redhat.com/errata/RHSA-2017:1414 • CWE-400: Uncontrolled Resource Consumption •

CVSS: 8.1EPSS: 97%CPEs: 68EXPL: 10

CVE-2015-7547 – glibc - 'getaddrinfo' Stack Buffer Overflow (PoC)

https://notcve.org/view.php?id=CVE-2015-7547

Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module. Múltiples desbordamientos de buffer basado en pila en las funciones (1) send_dg y (2) send_vc en la librería libresolv en la librería GNU C (también conocida como glibc o libc6) en versiones anteriores a 2.23 permiten a atacantes remotos causar una denegación de servicio (caída) o posiblemente ejecutar código arbitrario a través de una respuesta DNS manipulada que desencadenan una llamada a la función getaddrinfo con la familia de direcciones AF_UNSPEC o AF_INET6, en relación con la ejecución de "consultas duales A/AAAA DNS" y el módulo libnss_dns.so.2 NSS. A stack-based buffer overflow was found in the way the libresolv library performed dual A/AAAA DNS queries. A remote attacker could create a specially crafted DNS response which could cause libresolv to crash or, potentially, execute code with the permissions of the user running the library. Note: this issue is only exposed when libresolv is called from the nss_dns NSS service module. • https://www.exploit-db.com/exploits/39454 https://www.exploit-db.com/exploits/40339 https://github.com/fjserna/CVE-2015-7547 https://github.com/cakuzo/CVE-2015-7547 https://github.com/Stick-U235/CVE-2015-7547-Research https://github.com/t0r0t0r0/CVE-2015-7547 https://github.com/babykillerblack/CVE-2015-7547 https://github.com/Amilaperera12/Glibc-Vulnerability-Exploit-CVE-2015-7547 https://github.com/miracle03/CVE-2015-7547-master https://github.com/bluebluelan/CVE-2015-7547&# • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •

CVSS: 10.0EPSS: 97%CPEs: 33EXPL: 20

CVE-2015-0235 – Exim ESMTP 4.80 - glibc gethostbyname Denial of Service

https://notcve.org/view.php?id=CVE-2015-0235

Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka "GHOST." Desbordamiento de buffer basado en memoria dinámica en la función __nss_hostname_digits_dots en glibc 2.2, y otras versiones 2.x anteriores a 2.18, permite a atacantes dependientes de contexto ejecutar código arbitrario a través de vectores relacionados con la funciín (1) gethostbyname o (2) gethostbyname2, también conocido como 'GHOST.' A heap-based buffer overflow was found in glibc's __nss_hostname_digits_dots() function, which is used by the gethostbyname() and gethostbyname2() glibc function calls. A remote attacker able to make an application call either of these functions could use this flaw to execute arbitrary code with the permissions of the user running the application. The industrial managed switch series 852 from WAGO is affected by multiple vulnerabilities such as old software components embedded in the firmware. • https://www.exploit-db.com/exploits/35951 https://www.exploit-db.com/exploits/36421 https://github.com/aaronfay/CVE-2015-0235-test https://github.com/makelinux/CVE-2015-0235-workaround https://github.com/sUbc0ol/CVE-2015-0235 https://github.com/mikesplain/CVE-2015-0235-cookbook https://github.com/tobyzxj/CVE-2015-0235 https://github.com/adherzog/ansible-CVE-2015-0235-GHOST http://blogs.sophos.com/2015/01/29/sophos-products-and-the-ghost-vulnerability-affecting-linux http:/ • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •

CVSS: 10.0EPSS: 89%CPEs: 345EXPL: 17

CVE-2014-7169 – GNU Bourne-Again Shell (Bash) Arbitrary Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2014-7169

GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271. GNU Bash hasta 4.3 bash43-025 procesa cadenas finales después de la definición malformada de funciones en los valores de variables de entorno, lo que permite a atacantes remotos escribir hacia ficheros o posiblemente tener otro impacto desconocido a través de un entorno manipulado, tal y como se ha demostrado por vectores que involucran la característica ForceCommand en sshd OpenSSH, los módulos mod_cgi y mod_cgid en el Apache HTTP Server, scripts ejecutados por clientes DHCP no especificados, y otras situaciones en la cual establecer el entorno ocurre a través de un límite privilegiado de la ejecución de Bash. Nota: Esta vulnerabilidad existe debido a una solución incompleta para CVE-2014-6271. It was found that the fix for CVE-2014-6271 was incomplete, and Bash still allowed certain characters to be injected into other environments via specially crafted environment variables. • https://www.exploit-db.com/exploits/34777 https://www.exploit-db.com/exploits/34895 https://www.exploit-db.com/exploits/34839 https://www.exploit-db.com/exploits/36503 https://www.exploit-db.com/exploits/36504 https://www.exploit-db.com/exploits/34766 https://www.exploit-db.com/exploits/35115 https://www.exploit-db.com/exploits/36933 https://www.exploit-db.com/exploits/34765 https://www.exploit-db.com/exploits/34860 https://www.exploit-db.com/exploits/34879 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-228: Improper Handling of Syntactically Invalid Structure •