Page 10 of 88 results (0.015 seconds)

CVSS: 7.5EPSS: 91%CPEs: 54EXPL: 0

CVE-2020-13934 – tomcat: OutOfMemoryException caused by HTTP/2 connection leak could lead to DoS

https://notcve.org/view.php?id=CVE-2020-13934

An h2c direct connection to Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M5 to 9.0.36 and 8.5.1 to 8.5.56 did not release the HTTP/1.1 processor after the upgrade to HTTP/2. If a sufficient number of such requests were made, an OutOfMemoryException could occur leading to a denial of service. Una conexión directa h2c a Apache Tomcat versiones 10.0.0-M1 hasta 10.0.0-M6, versiones 9.0.0.M5 hasta 9.0.36 y versiones 8.5.1 hasta 8.5.56, no publicó el procesador HTTP/1.1 después de la actualización a HTTP/2. Si un número suficiente de tales peticiones fueron hechas, podría ocurrir una OutOfMemoryException conllevando a una denegación de servicio A flaw was found in Apache Tomcat, where an h2c direct connection did not release the HTTP/1.1 processor after the upgrade to HTTP/2. If a sufficient number of such requests are made, an OutOfMemoryException could occur, leading to a denial of service. • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00084.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00088.html https://lists.apache.org/thread.html/r61f411cf82488d6ec213063fc15feeeb88e31b0ca9c29652ee4f962e%40%3Cannounce.tomcat.apache.org%3E https://lists.apache.org/thread.html/ra072b1f786e7d139e86f1d1145572e0ff71cef38a96d9c6f5362aac8%40%3Cdev.tomcat.apache.org%3E https://lists.debian.org/debian-lts-announce/2020/07/msg00017.html https://security.netapp.com/advisory/ntap-20200724-0003 https://usn • CWE-400: Uncontrolled Resource Consumption CWE-401: Missing Release of Memory after Effective Lifetime CWE-476: NULL Pointer Dereference •

CVSS: 5.5EPSS: 0%CPEs: 18EXPL: 1

CVE-2020-15358 – sqlite: heap-based buffer overflow in multiSelectOrderBy due to mishandling of query-flattener optimization in select.c

https://notcve.org/view.php?id=CVE-2020-15358

In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation. En SQLite versiones anteriores a 3.32.3, el archivo select.c maneja inapropiadamente la optimización query-flattener, conllevando a un desbordamiento de la pila de multiSelectOrderBy debido al uso inapropiado de las propiedades transitivas para la propagación constante A heap buffer overflow was found in SQLite in the query flattening optimization technique. This flaw allows an attacker to execute SQL statements to crash the application, resulting in a denial of service. • http://seclists.org/fulldisclosure/2020/Dec/32 http://seclists.org/fulldisclosure/2020/Nov/19 http://seclists.org/fulldisclosure/2020/Nov/20 http://seclists.org/fulldisclosure/2020/Nov/22 http://seclists.org/fulldisclosure/2021/Feb/14 https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf https://security.gentoo.org/glsa/202007-26 https://security.netapp.com/advisory/ntap-20200709-0001 https://support.apple.com/kb/HT211843 https://support.apple.com/kb/HT211844 https • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •

CVSS: 8.1EPSS: 3%CPEs: 21EXPL: 1

CVE-2020-14195 – jackson-databind: serialization in org.jsecurity.realm.jndi.JndiRealmFactory

https://notcve.org/view.php?id=CVE-2020-14195

FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity). FasterXML jackson-databind versiones 2.x anteriores a 2.9.10.5, maneja inapropiadamente la interacción entre los gadgets de serialización y escritura, relacionada con org.jsecurity.realm.jndi.JndiRealmFactory (también se conoce como org.jsecurity) A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.5. FasterXML jackson-databind mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. • https://github.com/Al1ex/CVE-2020-14195 https://github.com/FasterXML/jackson-databind/issues/2765 https://lists.debian.org/debian-lts-announce/2020/07/msg00001.html https://security.netapp.com/advisory/ntap-20200702-0003 https://www.oracle.com//security-alerts/cpujul2021.html https://www.oracle.com/security-alerts/cpuApr2021.html https://www.oracle.com/security-alerts/cpujan2021.html https://www.oracle.com/security-alerts/cpuoct2020.html https://www.oracle.com/security-alerts/cpuoct2021. • CWE-502: Deserialization of Untrusted Data •

CVSS: 8.1EPSS: 4%CPEs: 22EXPL: 0

CVE-2020-14061 – jackson-databind: serialization in weblogic/oracle-aqjms

https://notcve.org/view.php?id=CVE-2020-14061

FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and oracle.jms.AQjmsXAConnectionFactory (aka weblogic/oracle-aqjms). FasterXML jackson-databind versiones 2.x anteriores a 2.9.10.5, maneja incorrectamente la interacción entre los gadgets de serialización y la escritura, relacionada con oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, y oracle.jms.AQjmsXAConnectionFactory (también se conoce como weblogic/oracle-aqjms) A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.5. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. • https://github.com/FasterXML/jackson-databind/issues/2698 https://lists.debian.org/debian-lts-announce/2020/07/msg00001.html https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062 https://security.netapp.com/advisory/ntap-20200702-0003 https://www.oracle.com//security-alerts/cpujul2021.html https://www.oracle.com/security-alerts/cpuApr2021.html https://www.oracle.com/security-alerts/cpujan2021.html https://www.oracle.com/security-alerts/cpuo • CWE-502: Deserialization of Untrusted Data •

CVSS: 7.5EPSS: 0%CPEs: 13EXPL: 2

CVE-2020-13871

https://notcve.org/view.php?id=CVE-2020-13871

SQLite 3.32.2 has a use-after-free in resetAccumulator in select.c because the parse tree rewrite for window functions is too late. SQLite versión 3.32.2, presenta un uso de la memoria previamente liberada en la función resetAccumulator en el archivo select.c porque la reescritura del árbol de análisis para funciones de ventana es demasiado tarde • https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BN32AGQPMHZRNM6P6L5GZPETOWTGXOKP https://security.gentoo.org/glsa/202007-26 https://security.netapp.com/advisory/ntap-20200619-0002 https://www.oracle.com/security-alerts/cpuApr2021.html https://www.oracle.com/security-alerts/cpujan2021.html https://www.sqlite.org/src/info/79eff1d03831 • CWE-416: Use After Free •