Page 9 of 318 results (0.022 seconds)

CVSS: 5.3EPSS: 0%CPEs: 17EXPL: 0

RSS fields can inject new lines into the created email structure, modifying the message body. This vulnerability affects Thunderbird < 52.5.2. Los campos RSS pueden inyectar nuevas líneas en la estructura del correo electrónico creado, modificando el cuerpo del mensaje. La vulnerabilidad afecta a las versiones anteriores a la 52.5.2 de Thunderbird. • http://www.securityfocus.com/bid/102258 http://www.securitytracker.com/id/1040123 https://access.redhat.com/errata/RHSA-2018:0061 https://bugzilla.mozilla.org/show_bug.cgi?id=1411699 https://lists.debian.org/debian-lts-announce/2017/12/msg00026.html https://www.debian.org/security/2017/dsa-4075 https://www.mozilla.org/security/advisories/mfsa2017-30 https://access.redhat.com/security/cve/CVE-2017-7848 https://bugzilla.redhat.com/show_bug.cgi?id=1530192 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •

CVSS: 10.0EPSS: 95%CPEs: 66EXPL: 0

The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action. La función tcpmss_mangle_packet en net/netfilter/xt_TCPMSS.c en el kernel de Linux, en versiones anteriores a la 4.11 y en versiones 4.9.x anteriores a la 4.9.36, permite que atacantes remotos provoquen una denegación de servicio (uso de memoria previamente liberada y corrupción de memoria) o, posiblemente, otro tipo de impacto sin especificar aprovechando la presencia de xt_TCPMSS en una acción iptables. The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2638fd0f92d4397884fd991d8f4925cb3f081901 http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00013.html http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00015.html http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00038.html http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00047.html http://lists.opensuse.org • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-416: Use After Free •

CVSS: 7.4EPSS: 0%CPEs: 33EXPL: 0

When apr_time_exp*() or apr_os_exp_time*() functions are invoked with an invalid month field value in Apache Portable Runtime APR 1.6.2 and prior, out of bounds memory may be accessed in converting this value to an apr_time_exp_t value, potentially revealing the contents of a different static heap value or resulting in program termination, and may represent an information disclosure or denial of service vulnerability to applications which call these APR functions with unvalidated external input. Cuando las funciones apr_time_exp*() o apr_os_exp_time*() se invocan con un valor del campo no válido en Apache Portable Runtime APR 1.6.2 y anteriores, se podría acceder a la memoria fuera de límites convirtiendo este valor en un valor apr_time_exp_t, revelando potencialmente el contenido de otro valor de memoria dinámica estática. También podría desembocar en la terminación del programa, representando una vulnerabilidad de divulgación de información o de denegación de servicio en aplicaciones que llaman a esas funciones APR con entradas externas no validadas. An out-of-bounds array dereference was found in apr_time_exp_get(). An attacker could abuse an unvalidated usage of this function to cause a denial of service or potentially lead to data leak. • http://www.apache.org/dist/apr/Announcement1.x.html http://www.openwall.com/lists/oss-security/2021/08/23/1 http://www.securityfocus.com/bid/101560 http://www.securitytracker.com/id/1042004 https://access.redhat.com/errata/RHSA-2017:3270 https://access.redhat.com/errata/RHSA-2017:3475 https://access.redhat.com/errata/RHSA-2017:3476 https://access.redhat.com/errata/RHSA-2017:3477 https://access.redhat.com/errata/RHSA-2018:0316 https://access.redhat.com/errata/RHSA • CWE-125: Out-of-bounds Read •

CVSS: 9.8EPSS: 1%CPEs: 16EXPL: 0

The net/http library in net/http/transfer.go in Go before 1.4.3 does not properly parse HTTP headers, which allows remote attackers to conduct HTTP request smuggling attacks via a request with two Content-length headers. La biblioteca net/http en net/http/transfer.go en Go en versiones anteriores a la 1.4.3 no analiza sintácticamente cabeceras HTTP correctamente, lo que permite que atacantes remotos lleven a cabo ataques de contrabando de peticiones HTTP mediante una petición con dos cabeceras Content-length. HTTP-request vulnerabilities have been found in the Golang net/http and net/textproto libraries. Request headers with double Content-Length fields do not generate a 400 error (the second field is ignored), and invalid fields are parsed as valid (for example, "Content Length:" with a space in the middle is accepted). A non-authenticated attacker could exploit these flaws to bypass security controls, perform web-cache poisoning, or alter the request/response map (denial of service). • http://lists.fedoraproject.org/pipermail/package-announce/2015-October/167997.html http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168029.html http://rhn.redhat.com/errata/RHSA-2016-1538.html http://seclists.org/oss-sec/2015/q3/237 http://seclists.org/oss-sec/2015/q3/292 http://seclists.org/oss-sec/2015/q3/294 https://bugzilla.redhat.com/show_bug.cgi?id=1250352 https://github.com/golang/go/commit/300d9a21583e7cf0149a778a0611e76ff7c6680f https://access.redhat.c • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •

CVSS: 9.8EPSS: 1%CPEs: 16EXPL: 0

The net/http library in net/textproto/reader.go in Go before 1.4.3 does not properly parse HTTP header keys, which allows remote attackers to conduct HTTP request smuggling attacks via a space instead of a hyphen, as demonstrated by "Content Length" instead of "Content-Length." La biblioteca net/http en net/textproto/reader.go en Go en versiones anteriores a la 1.4.3 no analiza sintácticamente claves de cabecera HTTP correctamente, lo que permite que atacantes remotos lleven a cabo ataques de contrabando de peticiones HTTP mediante un espacio en lugar de un guión, tal y como se muestra en "Content Length", en lugar de "Content-Length". HTTP-request vulnerabilities have been found in the Golang net/http and net/textproto libraries. Request headers with double Content-Length fields do not generate a 400 error (the second field is ignored), and invalid fields are parsed as valid (for example, "Content Length:" with a space in the middle is accepted). A non-authenticated attacker could exploit these flaws to bypass security controls, perform web-cache poisoning, or alter the request/response map (denial of service). • http://lists.fedoraproject.org/pipermail/package-announce/2015-October/167997.html http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168029.html http://rhn.redhat.com/errata/RHSA-2016-1538.html http://seclists.org/oss-sec/2015/q3/237 http://seclists.org/oss-sec/2015/q3/292 http://seclists.org/oss-sec/2015/q3/294 http://www.securityfocus.com/bid/76281 https://bugzilla.redhat.com/show_bug.cgi?id=1250352 https://github.com/golang/go/commit/117ddcb83d7f42d • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •