215 results (0.020 seconds)

CVSS: 8.1EPSS: 0%CPEs: 3EXPL: 1

Cacti through 1.2.7 is affected by multiple instances of lib/functions.php unsafe deserialization of user-controlled data to populate arrays. An authenticated attacker could use this to influence object data values and control actions taken by Cacti or potentially cause memory corruption in the PHP module. Cacti versiones hasta 1.2.7, está afectado por múltiples instancias de deserialización no segura de la biblioteca lib/functions.php de datos controlados por parte del usuario para llenar matrices. Un atacante autenticado podría usar esto para influir en los valores de los datos del objeto y controlar las acciones tomadas por Cacti o potencialmente causar una corrupción de la memoria en el módulo PHP. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00042.html http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00048.html https://bugzilla.suse.com/show_bug.cgi?id=CVE-2019-17358 https://github.com/Cacti/cacti/blob/79f29cddb5eb05cbaff486cd634285ef1fed9326/lib/functions.php#L3109 https://github.com/Cacti/cacti/commit/adf221344359f5b02b8aed4 • CWE-502: Deserialization of Untrusted Data CWE-787: Out-of-bounds Write •

CVSS: 5.3EPSS: 0%CPEs: 7EXPL: 0

A vulnerability exists in libgwenhywfar through 4.12.0 due to the usage of outdated bundled CA certificates. Existe una vulnerabilidad en libgwenhywfar hasta la versión 4.12.0 debido al uso de certificados de CA empaquetados obsoletos. • http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174484.html http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174540.html http://lists.opensuse.org/opensuse-updates/2018-01/msg00038.html https://bugzilla.redhat.com/show_bug.cgi?id=1272503 • CWE-319: Cleartext Transmission of Sensitive Information •

CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0

Insufficient data validation in Blink in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to perform domain spoofing via a crafted HTML page. La insuficiente validación de datos en Blink en Google Chrome antes de 75.0.3770.80 permitió que un atacante remoto realizara una falsificación de dominio a través de una página HTML diseñada. • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html https://crbug.com/962368 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI https://seclists.org/bugtraq/2019/Aug/19 https://security.gentoo.org/glsa/201908-18 https: • CWE-346: Origin Validation Error •

CVSS: 8.8EPSS: 1%CPEs: 7EXPL: 0

Process lifetime issue in Chrome in Google Chrome on Android prior to 74.0.3729.108 allowed a remote attacker to potentially persist an exploited process via a crafted HTML page. El problema de la duración del proceso en Chrome en Google Chrome en Android antes de 74.0.3729.108 permitió que un atacante remoto pudiera persistir en un proceso explotado a través de una página HTML diseñada. • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html https://crbug.com/940245 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X https://security.gentoo.org/glsa/201908-18 • CWE-664: Improper Control of a Resource Through its Lifetime •

CVSS: 8.8EPSS: 0%CPEs: 8EXPL: 0

Heap buffer overflow in ANGLE in Google Chrome on Windows prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. El desbordamiento del búfer del heap en ANGLE en Google Chrome en Windows antes de 74.0.3729.108 permitió que un atacante remoto pudiera explotar la corrupción del montón a través de una página HTML diseñada • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html https://crbug.com/943709 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X https://security.gentoo.org/glsa/201908-18 • CWE-787: Out-of-bounds Write •