Page 98 of 1039 results (0.011 seconds)

CVSS: 7.2EPSS: 0%CPEs: 6EXPL: 0

Privilege escalation flaws were found in the Red Hat initialization scripts of PostgreSQL. An attacker with access to the postgres user account could use these flaws to obtain root access on the server machine. Se encontraron vulnerabilidades de escalado de privilegios en los scripts de inicialización de Red Hat de PostgreSQL. Un atacante con acceso a la cuenta de usuario de postgres podría usar estas vulnerabilidades para obtener acceso root en la máquina del servidor. • http://www.securitytracker.com/id/1039983 https://access.redhat.com/errata/RHSA-2017:3402 https://access.redhat.com/errata/RHSA-2017:3403 https://access.redhat.com/errata/RHSA-2017:3404 https://access.redhat.com/errata/RHSA-2017:3405 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15097 https://access.redhat.com/security/cve/CVE-2017-15097 https://bugzilla.redhat.com/show_bug.cgi?id=1508985 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVSS: 7.5EPSS: 0%CPEs: 22EXPL: 0

The Linux kernel version 3.3-rc1 and later is affected by a vulnerability lies in the processing of incoming L2CAP commands - ConfigRequest, and ConfigResponse messages. This info leak is a result of uninitialized stack variables that may be returned to an attacker in their uninitialized state. By manipulating the code flows that precede the handling of these configuration messages, an attacker can also gain some control over which data will be held in the uninitialized stack variables. This can allow him to bypass KASLR, and stack canaries protection - as both pointers and stack canaries may be leaked in this manner. Combining this vulnerability (for example) with the previously disclosed RCE vulnerability in L2CAP configuration parsing (CVE-2017-1000251) may allow an attacker to exploit the RCE against kernels which were built with the above mitigations. • http://seclists.org/oss-sec/2017/q4/357 http://www.securityfocus.com/bid/102101 https://access.redhat.com/errata/RHSA-2018:0654 https://access.redhat.com/errata/RHSA-2018:0676 https://access.redhat.com/errata/RHSA-2018:1062 https://access.redhat.com/errata/RHSA-2018:1130 https://access.redhat.com/errata/RHSA-2018:1170 https://access.redhat.com/errata/RHSA-2018:1319 https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.5EPSS: 0%CPEs: 11EXPL: 0

A non-privileged user is able to mount a fuse filesystem on RHEL 6 or 7 and crash a system if an application punches a hole in a file that does not end aligned to a page boundary. Un usuario sin privilegios puede montar un sistema de archivos en el espacio de usuario (FUSE) en RHEL 6 o 7 y provocar el cierre inesperado del sistema si una aplicación hace un agujero en un archivo que no termina alineado con un límite de página. • http://www.securityfocus.com/bid/102128 https://access.redhat.com/errata/RHSA-2018:0676 https://access.redhat.com/errata/RHSA-2018:1062 https://access.redhat.com/errata/RHSA-2018:1854 https://bugzilla.redhat.com/show_bug.cgi?id=1520893 https://support.f5.com/csp/article/K42142782?utm_source=f5support&amp%3Butm_medium=RSS https://access.redhat.com/security/cve/CVE-2017-15121 • CWE-20: Improper Input Validation •

CVSS: 9.8EPSS: 0%CPEs: 7EXPL: 0

A missing patch for a stack-based buffer overflow in findTable() was found in Red Hat version of liblouis before 2.5.4. An attacker could cause a denial of service condition or potentially even arbitrary code execution. Se ha detectado que faltaba un parche para un desbordamiento de búfer basado en pila en findTable() en la versión Red Hat de liblouis en versiones anteriores a la la 2.5.4. Un atacante podría provocar una denegación de servicio (DoS) o incluso ejecutar código arbitrario. A missing fix for one stack-based buffer overflow in findTable() for CVE-2014-8184 was discovered. • https://access.redhat.com/errata/RHSA-2017:3384 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15101 https://access.redhat.com/security/cve/CVE-2017-15101 https://bugzilla.redhat.com/show_bug.cgi?id=1511023 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •

CVSS: 7.5EPSS: 0%CPEs: 14EXPL: 1

When Private Browsing mode is used, it is possible for a web worker to write persistent data to IndexedDB and fingerprint a user uniquely. IndexedDB should not be available in Private Browsing mode and this stored data will persist across multiple private browsing mode sessions because it is not cleared when exiting. This vulnerability affects Firefox ESR < 52.5.2 and Firefox < 57.0.1. Cuando se utiliza el modo Navegación Privada, es posible que un trabajador web escriba datos persistentes en IndexedDB y realice fingerprinting en un usuario de forma única. IndexedDB no debería estar disponible en modo Navegación Privada y estos datos almacenados persistirán en varias sesiones en modo Navegación Privada porque no se borran al cerrar. • http://www.securityfocus.com/bid/102039 http://www.securityfocus.com/bid/102112 http://www.securitytracker.com/id/1039954 https://access.redhat.com/errata/RHSA-2017:3382 https://bugzilla.mozilla.org/show_bug.cgi?id=1410106 https://lists.debian.org/debian-lts-announce/2017/12/msg00003.html https://www.debian.org/security/2017/dsa-4062 https://www.mozilla.org/security/advisories/mfsa2017-27 https://www.mozilla.org/security/advisories/mfsa2017-28 https://access.redhat.com/securit • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer •