Page 96 of 580 results (0.015 seconds)

CVSS: 4.7EPSS: 0%CPEs: 5EXPL: 0

Mozilla Firefox before 44.0 on Android allows remote attackers to spoof the address bar via the scrollTo method. Mozilla Firefox en versiones anteriores a 44.0 en Android permite a atacantes remotos suplantar la barra de direcciones a través del método scrollTo. • http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00002.html http://www.mozilla.org/security/announce/2016/mfsa2016-09.html http://www.securityfocus.com/bid/81948 http://www.securitytracker.com/id/1034825 https://bugzilla.mozilla.org/show_bug.cgi?id=1228590 https://security.gentoo.org/glsa/201605-06 • CWE-17: DEPRECATED: Code •

CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0

The KaxInternalBlock::ReadData function in libMatroska before 1.4.4 allows context-dependent attackers to obtain sensitive information from process heap memory via crafted EBML lacing, which triggers an invalid memory access. La función KaxInternalBlock::ReadData en libMatroska en versiones anteriores a 1.4.4 permite a atacantes dependientes del contexto obtener información sensible desde la memoria dinámica de proceso a través de un EBML lacing manipulado, lo que desencadena un acceso a memoria no válido. • http://lists.matroska.org/pipermail/matroska-users/2015-October/006985.html http://lists.opensuse.org/opensuse-updates/2016-01/msg00035.html http://www.debian.org/security/2016/dsa-3526 https://github.com/Matroska-Org/libmatroska/blob/release-1.4.4/ChangeLog https://github.com/Matroska-Org/libmatroska/commit/0a2d3e3644a7453b6513db2f9bc270f77943573f • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0

The Int.Exp Montgomery code in the math/big library in Go 1.5.x before 1.5.3 mishandles carry propagation and produces incorrect output, which makes it easier for attackers to obtain private RSA keys via unspecified vectors. El código Montgomery de Int.Exp en la librería math/big en Go 1.5.x en versiones anteriores a 1.5.3 no maneja correctamente la propagación acarreo y produce una salida incorrecta, lo que facilita a atacantes obtener claves privadas RSA a través de vectores no especificados. • http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175642.html http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176179.html http://lists.opensuse.org/opensuse-updates/2016-05/msg00077.html http://www.openwall.com/lists/oss-security/2015/12/21/6 http://www.openwall.com/lists/oss-security/2015/12/22/9 http://www.openwall.com/lists/oss-security/2016/01/13/7 https://github.com/golang/go/issues/13515 https://go-review.googlesource.com/&# • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 4.7EPSS: 0%CPEs: 12EXPL: 0

Mozilla Firefox 43.x mishandles attempts to connect to the Application Reputation service, which makes it easier for remote attackers to trigger an unintended download by leveraging the absence of reputation data. Mozilla Firefox 43.x no maneja adecuadamente los intentos de conexión al servicio Application Reputation, lo que hace que sea más fácil para atacantes remotos desencadenar una descarga involuntaria , aprovechando la ausencia de datos de reputación. • http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00002.html http://www.mozilla.org/security/announce/2016/mfsa2016-11.html http://www.securityfocus.com/bid/81949 http://www.securitytracker.com/id/1034825 http://www.ubuntu.com/usn/USN-2880-1 http://www.ubuntu.com/usn/USN-2880-2 https://bugzilla.mozilla.org/show_bug.cgi?id=1237103 https://security.gentoo.org/glsa/201605-06 • CWE-19: Data Processing Errors •

CVSS: 9.3EPSS: 2%CPEs: 4EXPL: 0

The nsZipArchive function in Mozilla Firefox before 44.0 might allow remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging incorrect use of a pointer during processing of a ZIP archive. La función nsZipArchive en Mozilla Firefox en versiones anteriores a 44.0 podría permitir a atacantes remotos causar una denegación de servicio o posiblemente tener otro impacto no especificado mediante el aprovechamiento del uso incorrecto de un puntero durante el procesamiento de un archivo ZIP . • http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00002.html http://www.mozilla.org/security/announce/2016/mfsa2016-10.html http://www.securityfocus.com/bid/81950 http://www.securitytracker.com/id/1034825 http://www.ubuntu.com/usn/USN-2880-1 http://www.ubuntu.com/usn/USN-2880-2 https://bugzilla.mozilla.org/show_bug.cgi?id=1214782 https://security.gentoo.org/glsa/201605-06 •