Page 9 of 181 results (0.008 seconds)

CVSS: 9.1EPSS: 0%CPEs: 24EXPL: 0

The strftime function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly obtain sensitive information via an out-of-range time value. La función strftime en la GNU C Library (también conocida como glibc o libc6) en versiones anteriores a 2.23 permite a atacantes dependientes del contexto causar una denegación de servicio (caída de aplicación) o posiblemente obtener información sensible a través de un valor de tiempo fuera de rango. It was found that out-of-range time values passed to the strftime() function could result in an out-of-bounds memory access. This could lead to application crash or, potentially, information disclosure. • http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184626.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00037.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00038.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00039.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00042.html http://rhn.redhat.com/errata/RHSA-2017-0680.html http&# • CWE-189: Numeric Errors •

CVSS: 4.3EPSS: 97%CPEs: 42EXPL: 0

The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue. El protocolo TLS 1.2 y anteriores, cuando una suite de cifrado DHE_EXPORT está habilitada en un servidor pero no en un cliente, no transporta una elección DHE_EXPORT, lo que permite a atacantes man-in-the-middle realizar ataques de degradación del cifrado mediante la rescritura de un ClientHello con DHE remplazado por DHE_EXPORT y posteriormente la rescritura de un ServerHello con DHE_EXPORT remplazado por DHE, también conocido como el problema 'Logjam'. A flaw was found in the way the TLS protocol composes the Diffie-Hellman exchange (for both export and non-export grade cipher suites). An attacker could use this flaw to downgrade a DHE connection to use export-grade key sizes, which could then be broken by sufficient pre-computation. This can lead to a passive man-in-the-middle attack in which the attacker is able to decrypt all traffic. • http://aix.software.ibm.com/aix/efixes/security/sendmail_advisory2.asc http://fortiguard.com/advisory/2015-07-09-cve-2015-1793-openssl-alternative-chains-certificate-forgery http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.asc http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04876402 http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04949778 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10681 http://kb.juniper.net/InfoC • CWE-310: Cryptographic Issues CWE-327: Use of a Broken or Risky Cryptographic Algorithm •

CVSS: 2.9EPSS: 0%CPEs: 27EXPL: 0

Xen 4.2.x through 4.5.x does not initialize certain fields, which allows certain remote service domains to obtain sensitive information from memory via a (1) XEN_DOMCTL_gettscinfo or (2) XEN_SYSCTL_getdomaininfolist request. Xen 4.2.x hasta 4.5.x no inicializa ciertos campos, lo que permite a ciertos dominios de servicio remotos obtener información sensible de la memoria a través de una solicitud (1) XEN_DOMCTL_gettscinfo o (2) XEN_SYSCTL_getdomaininfolist. • http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156005.html http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156979.html http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157006.html http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00018.html http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00019.html http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00001.html http://www.debian.org/security/2015/dsa-3414 h • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 4.0EPSS: 0%CPEs: 5EXPL: 0

Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB, a different vulnerability than CVE-2015-4756. Vulnerabilidad no especificada en Oracle MySQL Server 5.6.22 y versiones anteriores permite a usuarios remotos autenticados afectar la disponibilidad a través de vectores desconocidos relacionados con Server : InnoDB, una vulnerabilidad diferente a CVE-2015-4756. • http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html http://www.securityfocus.com/bid/74085 http://www.securitytracker.com/id/1032121 https://security.gentoo.org/glsa/201507-19 •

CVSS: 4.0EPSS: 0%CPEs: 9EXPL: 0

Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors. Vulnerabilidad no especificada en Oracle MySQL Server 5.6.23 y anteriores permite a usuarios remotos autenticados afectar la disponibilidad a través de vectores desconocidos. • http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html http://www.securityfocus.com/bid/74081 http://www.securitytracker.com/id/1032121 https://security.gentoo.org/glsa/201507-19 •