243 results (0.019 seconds)

CVSS: 5.3EPSS: 0%CPEs: 7EXPL: 0

A vulnerability exists in libgwenhywfar through 4.12.0 due to the usage of outdated bundled CA certificates. Existe una vulnerabilidad en libgwenhywfar hasta la versión 4.12.0 debido al uso de certificados de CA empaquetados obsoletos. • http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174484.html http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174540.html http://lists.opensuse.org/opensuse-updates/2018-01/msg00038.html https://bugzilla.redhat.com/show_bug.cgi?id=1272503 • CWE-319: Cleartext Transmission of Sensitive Information •

CVSS: 3.3EPSS: 0%CPEs: 8EXPL: 2

A postinstall script in the dovecot rpm allows local users to read the contents of newly created SSL/TLS key files. Un script postinstall en el dovecot rpm, permite a usuarios locales leer el contenido de los archivos de clave SSL/TLS recientemente creados. • http://lists.opensuse.org/opensuse-updates/2016-11/msg00096.html https://bugzilla.redhat.com/show_bug.cgi?id=1346055 https://bugzilla.suse.com/show_bug.cgi?id=984639 • CWE-732: Incorrect Permission Assignment for Critical Resource •

CVSS: 2.4EPSS: 0%CPEs: 6EXPL: 1

gdm3 3.14.2 and possibly later has an information leak before screen lock gdm3 versión 3.14.2 y posiblemente después, tiene una filtrado de información antes del bloqueo de pantalla • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-1000002 https://bugzilla.suse.com/show_bug.cgi?id=CVE-2016-1000002 https://raw.githubusercontent.com/distributedweaknessfiling/cvelist/master/2016/1000xxx/CVE-2016-1000002.json https://security-tracker.debian.org/tracker/CVE-2016-1000002 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 1

The plural form formula in ngettext family of calls in php-gettext before 1.0.12 allows remote attackers to execute arbitrary code. La fórmula de forma plural en la familia de llamadas ngettext en php-gettext versiones anteriores a la versión 1.0.12, permite a atacantes remotos ejecutar código arbitrario. • http://lists.opensuse.org/opensuse-updates/2017-02/msg00015.html http://seclists.org/fulldisclosure/2016/Aug/76 http://www.openwall.com/lists/oss-security/2017/01/18/4 http://www.securityfocus.com/bid/95754 https://bugzilla.redhat.com/show_bug.cgi?id=1367462 https://launchpad.net/php-gettext/trunk/1.0.12 https://lwn.net/Alerts/708838 • CWE-20: Improper Input Validation •

CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0

Insufficient data validation in Blink in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to perform domain spoofing via a crafted HTML page. La insuficiente validación de datos en Blink en Google Chrome antes de 75.0.3770.80 permitió que un atacante remoto realizara una falsificación de dominio a través de una página HTML diseñada. • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html https://crbug.com/962368 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI https://seclists.org/bugtraq/2019/Aug/19 https://security.gentoo.org/glsa/201908-18 https: • CWE-346: Origin Validation Error •