35 results (0.011 seconds)

CVSS: 6.8EPSS: 1%CPEs: 14EXPL: 0

The resolve_redirects function in sessions.py in requests 2.1.0 through 2.5.3 allows remote attackers to conduct session fixation attacks via a cookie without a host value in a redirect. La función resolve_redirects en sessions.py en requests 2.1.0 hasta 2.5.3 permite a atacantes remotos realizar ataques de fijación de sesión a través de una cookie sin valor de anfitrión en una redirección. • http://advisories.mageia.org/MGASA-2015-0120.html http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153594.html http://www.mandriva.com/security/advisories?name=MDVSA-2015:133 http://www.openwall.com/lists/oss-security/2015/03/14/4 http://www.openwall.com/lists/oss-security/2015/03/15/1 http://www.ubuntu.com/usn/USN-2531-1 https://github.com/kennethreitz/requests/commit/3bd8afbff29e50b38f889b2f688785a669b9aafc https://warehouse.python.org/project/requests/2.6.0 •

CVSS: 5.0EPSS: 0%CPEs: 24EXPL: 0

Off-by-one error in the pcapng_read function in wiretap/pcapng.c in the pcapng file parser in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via an invalid Interface Statistics Block (ISB) interface ID in a crafted packet. Error de superación de límite (off-by-one) en la función pcapng_read en wiretap/pcapng.c en el analizador sintáctico pcapng en Wireshark 1.10.x anterior a 1.10.13 y 1.12.x anterior a 1.12.4 permite a atacantes remotos causar una denegación de servicio (lectura fuera de rango y caída de la aplicación) a través de un identificador de la interfaz Interface Statistics Block (ISB) inválido en un paquete manipulado. • http://advisories.mageia.org/MGASA-2015-0117.html http://lists.opensuse.org/opensuse-updates/2015-03/msg00038.html http://rhn.redhat.com/errata/RHSA-2015-1460.html http://www.debian.org/security/2015/dsa-3210 http://www.mandriva.com/security/advisories?name=MDVSA-2015:183 http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html http://www.securityfocus.com/bid/72944 http://www.securitytra • CWE-189: Numeric Errors CWE-193: Off-by-one Error •

CVSS: 5.0EPSS: 0%CPEs: 24EXPL: 0

epan/dissectors/packet-wcp.c in the WCP dissector in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 does not properly initialize a data structure, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet that is improperly handled during decompression. epan/dissectors/packet-wcp.c en el disector WCP en Wireshark 1.10.x anterior a 1.10.13 y 1.12.x anterior a 1.12.4 no inicializa correctamente una estructura de datos, lo que permite a atacantes remotos causar una denegación de servicio (lectura fuera de rango y caída de la aplicación) a través de un paquete manipulado que no se maneja correctamente durante la decompresión. • http://advisories.mageia.org/MGASA-2015-0117.html http://lists.opensuse.org/opensuse-updates/2015-03/msg00038.html http://www.debian.org/security/2015/dsa-3210 http://www.mandriva.com/security/advisories?name=MDVSA-2015:183 http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html http://www.securityfocus.com/bid/72942 http://www.securitytracker.com/id/1031858 http://www.wireshark.org/securit • CWE-19: Data Processing Errors CWE-125: Out-of-bounds Read •

CVSS: 5.0EPSS: 0%CPEs: 22EXPL: 0

Integer overflow in the dissect_tnef function in epan/dissectors/packet-tnef.c in the TNEF dissector in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted length field in a packet. Desbordamiento de enteros en la función dissect_tnef en epan/dissectors/packet-tnef.c en el disector TNEF en Wireshark 1.10.x anterior a 1.10.13 y 1.12.x anterior a 1.12.4 permite a atacantes remotos causar una denegación de servicio (bucle infinito) a través de un campo de longitud manipulado en un paquete. • http://advisories.mageia.org/MGASA-2015-0117.html http://lists.opensuse.org/opensuse-updates/2015-03/msg00038.html http://rhn.redhat.com/errata/RHSA-2015-1460.html http://www.debian.org/security/2015/dsa-3210 http://www.mandriva.com/security/advisories?name=MDVSA-2015:183 http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html http://www.securityfocus.com/bid/72941 http://www.securitytracker.com/id/1031858 http://www.wireshark.org/security/wnpa-sec-2015-10& • CWE-189: Numeric Errors CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •

CVSS: 7.1EPSS: 1%CPEs: 7EXPL: 0

GNU patch 2.7.2 and earlier allows remote attackers to cause a denial of service (memory consumption and segmentation fault) via a crafted diff file. GNU parche 2.7.2 y anteriores permite que atacantes remotos provoquen una denegación de servicio (consumo de memoria y error de segmentación) mediante un archivo diff manipulado. • http://advisories.mageia.org/MGASA-2015-0068.html http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154214.html http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148953.html http://www.openwall.com/lists/oss-security/2015/01/22/7 http://www.securityfocus.com/bid/72286 http://www.ubuntu.com/usn/USN-2651-1 https://bugzilla.redhat.com/show_bug.cgi?id=1185262 https://git.savannah.gnu.org/cgit/patch.git/commit/?id=0c08d7a902c6fdd49b704623a12d8d672ef18944 • CWE-399: Resource Management Errors •