3 results (0.004 seconds)

CVSS: 7.8EPSS: 82%CPEs: 55EXPL: 0

Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STREAM frames, this can consume excess memory, CPU, or both. Algunas implementaciones de HTTP / 2 son vulnerables a una inundación de reinicio, lo que puede conducir a una denegación de servicio. El atacante abre una serie de secuencias y envía una solicitud no válida sobre cada secuencia que debería solicitar una secuencia de tramas RST_STREAM del par. • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00076.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00021.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html http://lists.opensuse.org/opensuse-security-announce/2019-09 • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 6

Cross-site scripting (XSS) vulnerability in the login audit form in McAfee Cloud Single Sign On (SSO) allows remote attackers to inject arbitrary web script or HTML via a crafted password. Vulnerabilidad de XSS en el formulario de auditaría de registro en McAfee Cloud Single Sign On (SSO) permite a atacantes remotos inyectar script Web o HTML arbitrarios a través de una contraseña manipulada. • https://www.exploit-db.com/exploits/32368 http://packetstormsecurity.com/files/125775/McAfee-Cloud-SSO-Asset-Manager-Issues.html http://seclists.org/fulldisclosure/2014/Mar/325 http://www.exploit-db.com/exploits/32368 http://www.securityfocus.com/bid/66302 https://twitter.com/BrandonPrry/status/445969380656943104 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0

Directory traversal vulnerability in McAfee Cloud Identity Manager 3.0, 3.1, and 3.5.1, McAfee Cloud Single Sign On (MCSSO) before 4.0.1, and Intel Expressway Cloud Access 360-SSO 2.1 and 2.5 allows remote authenticated users to read an unspecified file containing a hash of the administrator password via unknown vectors. Vulnerabilidad de salto de directorio en McAfee Cloud Identity Manager 3.0, 3.1 y 3.5.1, McAfee Cloud Single Sign On (MCSSO) anterior a 4.0.1 e Intel Expressway Cloud Access 360-SSO 2.1 y 2.5 permite a usuarios remotos autenticados leer un archivo no especificado que contiene un hash de la contraseña de administrador a través de vectores desconocidos. • http://secunia.com/advisories/57368 http://secunia.com/advisories/57381 http://www.securityfocus.com/bid/66181 https://kc.mcafee.com/corporate/index?page=content&id=SB10066 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •