Page 9 of 58 results (0.022 seconds)

CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 1

XML External Entity vulnerability in libexpat 2.2.0 and earlier (Expat XML Parser Library) allows attackers to put the parser in an infinite loop using a malformed external entity definition from an external DTD. Una vulnerabilidad de XML External Entity (XEE) en libexpat versión 2.2.0 y anteriores (Expat XML Parser Library) permite que los atacantes consigan que el analizador entre en un bucle infinito utilizando una definición de entidad externa mal formada desde una DTD externa. • http://www.debian.org/security/2017/dsa-3898 http://www.openwall.com/lists/oss-security/2017/06/17/7 http://www.securityfocus.com/bid/99276 http://www.securitytracker.com/id/1039427 https://github.com/libexpat/libexpat/blob/master/expat/Changes https://libexpat.github.io/doc/cve-2017-9233 https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40% • CWE-611: Improper Restriction of XML External Entity Reference CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •

CVSS: 9.8EPSS: 1%CPEs: 9EXPL: 0

An integer overflow during the parsing of XML using the Expat library. This vulnerability affects Firefox < 50. Desbordamiento de enteros durante el análisis de XML mediante la biblioteca Expat. La vulnerabilidad afecta a Firefox en versiones anteriores a la 50. • http://www.securityfocus.com/bid/94337 http://www.securitytracker.com/id/1037298 http://www.securitytracker.com/id/1039427 https://bugzilla.mozilla.org/show_bug.cgi?id=1274777 https://www.debian.org/security/2017/dsa-3898 https://www.mozilla.org/security/advisories/mfsa2016-89 • CWE-190: Integer Overflow or Wraparound •

CVSS: 10.0EPSS: 2%CPEs: 30EXPL: 1

Integer overflow in the get_data function in zipimport.c in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 allows remote attackers to have unspecified impact via a negative data size value, which triggers a heap-based buffer overflow. Desbordamiento de entero en la función get_data en zipimport.c en CPython (también conocido como Python) en versiones anteriores a 2.7.12, 3.x en versiones anteriores a 3.4.5 y 3.5.x en versiones anteriores a 3.5.2 permite a atacantes remotos tener impacto no especificado a través de un valor de tamaño de datos negativo, lo que desencadena un desbordamiento de búfer basado en memoria dinámica. A vulnerability was discovered in Python, in the built-in zipimporter. A specially crafted zip file placed in a module path such that it would be loaded by a later "import" statement could cause a heap overflow, leading to arbitrary code execution. • https://github.com/insuyun/CVE-2016-5636 http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html http://rhn.redhat.com/errata/RHSA-2016-2586.html http://www.openwall.com/lists/oss-security/2016/06/15/15 http://www.openwall.com/lists/oss-security/2016/06/16/1 http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html http://www.securityfocus.com/bid/91247 http://www.securitytracker.com/id/1038138 http://www.splunk.com/view/SP-CAAAP • CWE-122: Heap-based Buffer Overflow CWE-190: Integer Overflow or Wraparound •

CVSS: 7.5EPSS: 0%CPEs: 45EXPL: 1

The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a "Sweet32" attack. Los cifrados DES y Triple DES, como se usan en los protocolos TLS, SSH e IPSec y otros protocolos y productos, tienen una cota de cumpleaños de aproximadamente cuatro mil millones de bloques, lo que facilita a atacantes remotos obtener datos de texto plano a través de un ataque de cumpleaños contra una sesión cifrada de larga duración, según lo demostrado por una sesión HTTPS usando Triple DES en modo CBC, también conocido como un ataque "Sweet32". A flaw was found in the way the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL server and client if the communication used a DES/3DES based ciphersuite. IBM Informix Dynamic Server suffers from dll injection, PHP code injection, and heap buffer overflow vulnerabilities. • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759 http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.h • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-327: Use of a Broken or Risky Cryptographic Algorithm •

CVSS: 6.5EPSS: 1%CPEs: 30EXPL: 1

The smtplib library in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 does not return an error when StartTLS fails, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the client and the registry to block the StartTLS command, aka a "StartTLS stripping attack." La librería smtplib en CPython (también conocido como Python) en versiones anteriores a 2.7.12, 3.x en versiones anteriores a 3.4.5 y 3.5.x en versiones anteriores a 3.5.2 no devuelve un error cuando StartTLS falla, lo que podría permitir a atacantes man-in-the-middle eludir las protecciones TLS mediante el aprovechamiento de una posición de red entre el cliente y el registro para bloquear el comando StartTLS, también conocido como un "ataque de decapado StartTLS". It was found that Python's smtplib library did not return an exception when StartTLS failed to be established in the SMTP.starttls() function. A man in the middle attacker could strip out the STARTTLS command without generating an exception on the Python SMTP client application, preventing the establishment of the TLS layer. • https://www.exploit-db.com/exploits/43500 http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html http://rhn.redhat.com/errata/RHSA-2016-1626.html http://rhn.redhat.com/errata/RHSA-2016-1627.html http://rhn.redhat.com/errata/RHSA-2016-1628.html http://rhn.redhat.com/errata/RHSA-2016-1629.html http://rhn.redhat.com/errata/RHSA-2016-1630.html http://www.openwall.com/lists/oss-security/2016/06/14/9 http://www.securityfocus.com/bid/91225 http:& • CWE-693: Protection Mechanism Failure •